Create Interactive Tour

Analysis Report Locky

Overview

General Information

Sample Name:Locky (renamed file extension from none to exe)
MD5:b06d9dd17c69ed2ae75d9e40b2631b42
SHA1:b606aaa402bfe4a15ef80165e964d384f25564e4
SHA256:bc98c8b22461a2c2631b2feec399208fdc4ecd1cd2229066c2f385caa958daa3

Most interesting Screenshot:

Detection

Locky
Score:68
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus detection for sample
Multi AV Scanner detection for submitted file
Yara detected Locky ransomware
Machine Learning detection for sample
Contains functionality to read the PEB
Creates files inside the system directory
Detected potential crypto function
Enables debug privileges
May sleep (evasive loops) to hinder dynamic analysis
One or more processes crash
Queries disk information (often used to detect virtual machines)
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Tries to load missing DLLs
Uses code obfuscation techniques (call, push, ret)

Classification

RansomwareSpreadingPhishingBankerTrojan / BotAdwareSpywareExploiterEvaderMinercleansuspiciousmalicious

Malware Configuration

No configs have been found
SourceRuleDescriptionAuthorStrings
Locky.exeJoeSecurity_Locky_ransomwareYara detected Locky ransomwareJoe Security
    SourceRuleDescriptionAuthorStrings
    Process Memory Space: Locky.exe PID: 2320JoeSecurity_Locky_ransomwareYara detected Locky ransomwareJoe Security
      SourceRuleDescriptionAuthorStrings
      0.2.Locky.exe.400000.0.unpackJoeSecurity_Locky_ransomwareYara detected Locky ransomwareJoe Security
        0.0.Locky.exe.400000.0.unpackJoeSecurity_Locky_ransomwareYara detected Locky ransomwareJoe Security

          Sigma Overview

          No Sigma rule has matched

          Signature Overview

          Click to jump to signature section

          Show All Signature Results

          AV Detection:

          barindex
          Antivirus detection for sample
          Source: Locky.exeAvira: detection malicious, Label: TR/Agent.53465
          Multi AV Scanner detection for submitted file
          Source: Locky.exeVirustotal: Detection: 94%Perma Link
          Source: Locky.exeMetadefender: Detection: 84%Perma Link
          Source: Locky.exeReversingLabs: Detection: 95%
          Machine Learning detection for sample
          Source: Locky.exeJoe Sandbox ML: detected

          Spam, unwanted Advertisements and Ransom Demands:

          barindex
          Yara detected Locky ransomware
          Source: Yara matchFile source: Locky.exe, type: SAMPLE
          Source: Yara matchFile source: Process Memory Space: Locky.exe PID: 2320, type: MEMORY
          Source: Yara matchFile source: 0.2.Locky.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 0.0.Locky.exe.400000.0.unpack, type: UNPACKEDPE

          Source: C:\Windows\SysWOW64\WerFault.exeFile created: C:\Windows\AppCompat\Programs\Amcache.hve.tmpJump to behavior
          Source: C:\Users\user\Desktop\Locky.exeCode function: 0_2_001C23F30_2_001C23F3
          Source: C:\Users\user\Desktop\Locky.exeCode function: 0_2_001D23F30_2_001D23F3
          Source: C:\Users\user\Desktop\Locky.exeCode function: 0_2_001E23F30_2_001E23F3
          Source: C:\Users\user\Desktop\Locky.exeCode function: 0_2_001F23F30_2_001F23F3
          Source: C:\Users\user\Desktop\Locky.exeCode function: 0_2_008B23F30_2_008B23F3
          Source: C:\Users\user\Desktop\Locky.exeCode function: 0_2_00A723F30_2_00A723F3
          Source: C:\Users\user\Desktop\Locky.exeCode function: 0_2_00A823F30_2_00A823F3
          Source: C:\Users\user\Desktop\Locky.exeCode function: 0_2_00A923F30_2_00A923F3
          Source: C:\Users\user\Desktop\Locky.exeCode function: 0_2_00AA23F30_2_00AA23F3
          Source: unknownProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 2320 -s 452
          Source: Locky.exe, 00000000.00000000.1059960207.00000000007B7000.00000002.00020000.sdmpBinary or memory string: OriginalFilename vs Locky.exe
          Source: Locky.exeBinary or memory string: OriginalFilename vs Locky.exe
          Source: C:\Windows\SysWOW64\WerFault.exeSection loaded: sfc.dllJump to behavior
          Source: C:\Windows\SysWOW64\WerFault.exeSection loaded: phoneinfo.dllJump to behavior
          Source: C:\Windows\SysWOW64\WerFault.exeSection loaded: ext-ms-win-xblauth-console-l1.dllJump to behavior
          Source: C:\Windows\SysWOW64\WerFault.exeSection loaded: ext-ms-win-xblauth-console-l1.dllJump to behavior
          Source: classification engineClassification label: mal68.rans.winEXE@2/4@0/0
          Source: C:\Windows\SysWOW64\WerFault.exeFile created: C:\Users\user\AppData\Local\DBGJump to behavior
          Source: C:\Windows\SysWOW64\WerFault.exeMutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess2320
          Source: C:\Windows\SysWOW64\WerFault.exeFile created: C:\ProgramData\Microsoft\Windows\WER\Temp\WER64D5.tmpJump to behavior
          Source: Locky.exeStatic PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
          Source: C:\Users\user\Desktop\Locky.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
          Source: C:\Windows\SysWOW64\WerFault.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
          Source: C:\Windows\SysWOW64\WerFault.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
          Source: Locky.exeVirustotal: Detection: 94%
          Source: Locky.exeMetadefender: Detection: 84%
          Source: Locky.exeReversingLabs: Detection: 95%
          Source: unknownProcess created: C:\Users\user\Desktop\Locky.exe 'C:\Users\user\Desktop\Locky.exe'
          Source: unknownProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 2320 -s 452

          Source: C:\Users\user\Desktop\Locky.exeCode function: 0_2_001C040D push AF0FD0FFh; retf 0_2_001C0414
          Source: C:\Users\user\Desktop\Locky.exeCode function: 0_2_001C2A0B push AF0FD0FFh; retf 0_2_001C2A12
          Source: C:\Users\user\Desktop\Locky.exeCode function: 0_2_001C1A30 push AF0FD0FFh; retf 0_2_001C1A37
          Source: C:\Users\user\Desktop\Locky.exeCode function: 0_2_001C1822 push AF0FD0FFh; retf 0_2_001C1829
          Source: C:\Users\user\Desktop\Locky.exeCode function: 0_2_001C2023 push AF0FD0FFh; retf 0_2_001C202A
          Source: C:\Users\user\Desktop\Locky.exeCode function: 0_2_001C085A push AF0FD0FFh; retf 0_2_001C0861
          Source: C:\Users\user\Desktop\Locky.exeCode function: 0_2_001C024F push AF0FD0FFh; retf 0_2_001C0256
          Source: C:\Users\user\Desktop\Locky.exeCode function: 0_2_001C2876 push AF0FD0FFh; retf 0_2_001C287D
          Source: C:\Users\user\Desktop\Locky.exeCode function: 0_2_001C2461 push AF0FD0FFh; retf 0_2_001C2468
          Source: C:\Users\user\Desktop\Locky.exeCode function: 0_2_001C2298 push AF0FD0FFh; retf 0_2_001C229F
          Source: C:\Users\user\Desktop\Locky.exeCode function: 0_2_001C1685 push AF0FD0FFh; retf 0_2_001C168C
          Source: C:\Users\user\Desktop\Locky.exeCode function: 0_2_001C02A1 push AF0FD0FFh; retf 0_2_001C0369
          Source: C:\Users\user\Desktop\Locky.exeCode function: 0_2_001C10A3 push AF0FD0FFh; retf 0_2_001C10AA
          Source: C:\Users\user\Desktop\Locky.exeCode function: 0_2_001C1ADD push AF0FD0FFh; retf 0_2_001C1AE4
          Source: C:\Users\user\Desktop\Locky.exeCode function: 0_2_001C20F4 push AF0FD0FFh; retf 0_2_001C20FB
          Source: C:\Users\user\Desktop\Locky.exeCode function: 0_2_001C18EA push AF0FD0FFh; retf 0_2_001C18F1
          Source: C:\Users\user\Desktop\Locky.exeCode function: 0_2_001C26E6 push AF0FD0FFh; retf 0_2_001C26ED
          Source: C:\Users\user\Desktop\Locky.exeCode function: 0_2_001C0515 push AF0FD0FFh; retf 0_2_001C051C
          Source: C:\Users\user\Desktop\Locky.exeCode function: 0_2_001C0738 push AF0FD0FFh; retf 0_2_001C073F
          Source: C:\Users\user\Desktop\Locky.exeCode function: 0_2_001C2336 push AF0FD0FFh; retf 0_2_001C233D
          Source: C:\Users\user\Desktop\Locky.exeCode function: 0_2_001C2B28 push AF0FD0FFh; retf 0_2_001C2B2F
          Source: C:\Users\user\Desktop\Locky.exeCode function: 0_2_001C1B5F push edx; ret 0_2_001C1B60
          Source: C:\Users\user\Desktop\Locky.exeCode function: 0_2_001C2952 push AF0FD0FFh; retf 0_2_001C2959
          Source: C:\Users\user\Desktop\Locky.exeCode function: 0_2_001C257E push AF0FD0FFh; retf 0_2_001C2585
          Source: C:\Users\user\Desktop\Locky.exeCode function: 0_2_001C1576 push AF0FD0FFh; retf 0_2_001C157D
          Source: C:\Users\user\Desktop\Locky.exeCode function: 0_2_001C0362 push AF0FD0FFh; retf 0_2_001C0369
          Source: C:\Users\user\Desktop\Locky.exeCode function: 0_2_001C019E push AF0FD0FFh; retf 0_2_001C01A5
          Source: C:\Users\user\Desktop\Locky.exeCode function: 0_2_001C1384 push AF0FD0FFh; retf 0_2_001C138B
          Source: C:\Users\user\Desktop\Locky.exeCode function: 0_2_001C05B2 push AF0FD0FFh; retf 0_2_001C05B9
          Source: C:\Users\user\Desktop\Locky.exeCode function: 0_2_001C21D8 push AF0FD0FFh; retf 0_2_001C21DF
          Source: C:\Users\user\Desktop\Locky.exeCode function: 0_2_001C2BDB push AF0FD0FFh; retf 0_2_001C2BE2

          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Locky.exe TID: 5028Thread sleep time: -31000s >= -30000sJump to behavior
          Source: C:\Windows\SysWOW64\WerFault.exeFile opened: PhysicalDrive0Jump to behavior
          Source: C:\Users\user\Desktop\Locky.exeLast function: Thread delayed
          Source: C:\Windows\SysWOW64\WerFault.exeProcess information queried: ProcessInformationJump to behavior

          Source: C:\Users\user\Desktop\Locky.exeCode function: 0_2_001C05E4 mov eax, dword ptr fs:[00000030h]0_2_001C05E4
          Source: C:\Users\user\Desktop\Locky.exeCode function: 0_2_001C0604 mov eax, dword ptr fs:[00000030h]0_2_001C0604
          Source: C:\Users\user\Desktop\Locky.exeCode function: 0_2_001C0604 mov eax, dword ptr fs:[00000030h]0_2_001C0604
          Source: C:\Users\user\Desktop\Locky.exeCode function: 0_2_001C0864 mov eax, dword ptr fs:[00000030h]0_2_001C0864
          Source: C:\Users\user\Desktop\Locky.exeCode function: 0_2_001C06A7 mov eax, dword ptr fs:[00000030h]0_2_001C06A7
          Source: C:\Users\user\Desktop\Locky.exeCode function: 0_2_001C06CA mov eax, dword ptr fs:[00000030h]0_2_001C06CA
          Source: C:\Users\user\Desktop\Locky.exeCode function: 0_2_001C0757 mov eax, dword ptr fs:[00000030h]0_2_001C0757
          Source: C:\Users\user\Desktop\Locky.exeCode function: 0_2_001C0751 mov eax, dword ptr fs:[00000030h]0_2_001C0751
          Source: C:\Users\user\Desktop\Locky.exeCode function: 0_2_001C0742 mov eax, dword ptr fs:[00000030h]0_2_001C0742
          Source: C:\Users\user\Desktop\Locky.exeCode function: 0_2_001C07D3 mov eax, dword ptr fs:[00000030h]0_2_001C07D3
          Source: C:\Users\user\Desktop\Locky.exeCode function: 0_2_001C05FD mov eax, dword ptr fs:[00000030h]0_2_001C05FD
          Source: C:\Users\user\Desktop\Locky.exeCode function: 0_2_001C07EC mov eax, dword ptr fs:[00000030h]0_2_001C07EC
          Source: C:\Users\user\Desktop\Locky.exeCode function: 0_2_001D05E4 mov eax, dword ptr fs:[00000030h]0_2_001D05E4
          Source: C:\Users\user\Desktop\Locky.exeCode function: 0_2_001D0604 mov eax, dword ptr fs:[00000030h]0_2_001D0604
          Source: C:\Users\user\Desktop\Locky.exeCode function: 0_2_001D0604 mov eax, dword ptr fs:[00000030h]0_2_001D0604
          Source: C:\Users\user\Desktop\Locky.exeCode function: 0_2_001D0864 mov eax, dword ptr fs:[00000030h]0_2_001D0864
          Source: C:\Users\user\Desktop\Locky.exeCode function: 0_2_001D06A7 mov eax, dword ptr fs:[00000030h]0_2_001D06A7
          Source: C:\Users\user\Desktop\Locky.exeCode function: 0_2_001D06CA mov eax, dword ptr fs:[00000030h]0_2_001D06CA
          Source: C:\Users\user\Desktop\Locky.exeCode function: 0_2_001D0757 mov eax, dword ptr fs:[00000030h]0_2_001D0757
          Source: C:\Users\user\Desktop\Locky.exeCode function: 0_2_001D0751 mov eax, dword ptr fs:[00000030h]0_2_001D0751
          Source: C:\Users\user\Desktop\Locky.exeCode function: 0_2_001D0742 mov eax, dword ptr fs:[00000030h]0_2_001D0742
          Source: C:\Users\user\Desktop\Locky.exeCode function: 0_2_001D07D3 mov eax, dword ptr fs:[00000030h]0_2_001D07D3
          Source: C:\Users\user\Desktop\Locky.exeCode function: 0_2_001D05FD mov eax, dword ptr fs:[00000030h]0_2_001D05FD
          Source: C:\Users\user\Desktop\Locky.exeCode function: 0_2_001D07EC mov eax, dword ptr fs:[00000030h]0_2_001D07EC
          Source: C:\Users\user\Desktop\Locky.exeCode function: 0_2_001E05E4 mov eax, dword ptr fs:[00000030h]0_2_001E05E4
          Source: C:\Users\user\Desktop\Locky.exeCode function: 0_2_001E0604 mov eax, dword ptr fs:[00000030h]0_2_001E0604
          Source: C:\Users\user\Desktop\Locky.exeCode function: 0_2_001E0604 mov eax, dword ptr fs:[00000030h]0_2_001E0604
          Source: C:\Users\user\Desktop\Locky.exeCode function: 0_2_001E0864 mov eax, dword ptr fs:[00000030h]0_2_001E0864
          Source: C:\Users\user\Desktop\Locky.exeCode function: 0_2_001E06A7 mov eax, dword ptr fs:[00000030h]0_2_001E06A7
          Source: C:\Users\user\Desktop\Locky.exeCode function: 0_2_001E06CA mov eax, dword ptr fs:[00000030h]0_2_001E06CA
          Source: C:\Users\user\Desktop\Locky.exeCode function: 0_2_001E0757 mov eax, dword ptr fs:[00000030h]0_2_001E0757
          Source: C:\Users\user\Desktop\Locky.exeCode function: 0_2_001E0751 mov eax, dword ptr fs:[00000030h]0_2_001E0751
          Source: C:\Users\user\Desktop\Locky.exeCode function: 0_2_001E0742 mov eax, dword ptr fs:[00000030h]0_2_001E0742
          Source: C:\Users\user\Desktop\Locky.exeCode function: 0_2_001E07D3 mov eax, dword ptr fs:[00000030h]0_2_001E07D3
          Source: C:\Users\user\Desktop\Locky.exeCode function: 0_2_001E05FD mov eax, dword ptr fs:[00000030h]0_2_001E05FD
          Source: C:\Users\user\Desktop\Locky.exeCode function: 0_2_001E07EC mov eax, dword ptr fs:[00000030h]0_2_001E07EC
          Source: C:\Users\user\Desktop\Locky.exeCode function: 0_2_001F05E4 mov eax, dword ptr fs:[00000030h]0_2_001F05E4
          Source: C:\Users\user\Desktop\Locky.exeCode function: 0_2_001F0604 mov eax, dword ptr fs:[00000030h]0_2_001F0604
          Source: C:\Users\user\Desktop\Locky.exeCode function: 0_2_001F0604 mov eax, dword ptr fs:[00000030h]0_2_001F0604
          Source: C:\Users\user\Desktop\Locky.exeCode function: 0_2_001F0864 mov eax, dword ptr fs:[00000030h]0_2_001F0864
          Source: C:\Users\user\Desktop\Locky.exeCode function: 0_2_001F06A7 mov eax, dword ptr fs:[00000030h]0_2_001F06A7
          Source: C:\Users\user\Desktop\Locky.exeCode function: 0_2_001F06CA mov eax, dword ptr fs:[00000030h]0_2_001F06CA
          Source: C:\Users\user\Desktop\Locky.exeCode function: 0_2_001F0757 mov eax, dword ptr fs:[00000030h]0_2_001F0757
          Source: C:\Users\user\Desktop\Locky.exeCode function: 0_2_001F0751 mov eax, dword ptr fs:[00000030h]0_2_001F0751
          Source: C:\Users\user\Desktop\Locky.exeCode function: 0_2_001F0742 mov eax, dword ptr fs:[00000030h]0_2_001F0742
          Source: C:\Users\user\Desktop\Locky.exeCode function: 0_2_001F07D3 mov eax, dword ptr fs:[00000030h]0_2_001F07D3
          Source: C:\Users\user\Desktop\Locky.exeCode function: 0_2_001F05FD mov eax, dword ptr fs:[00000030h]0_2_001F05FD
          Source: C:\Users\user\Desktop\Locky.exeCode function: 0_2_001F07EC mov eax, dword ptr fs:[00000030h]0_2_001F07EC
          Source: C:\Users\user\Desktop\Locky.exeCode function: 0_2_008B07EC mov eax, dword ptr fs:[00000030h]0_2_008B07EC
          Source: C:\Users\user\Desktop\Locky.exeCode function: 0_2_008B05E4 mov eax, dword ptr fs:[00000030h]0_2_008B05E4
          Source: C:\Users\user\Desktop\Locky.exeCode function: 0_2_008B06A7 mov eax, dword ptr fs:[00000030h]0_2_008B06A7
          Source: C:\Users\user\Desktop\Locky.exeCode function: 0_2_008B06CA mov eax, dword ptr fs:[00000030h]0_2_008B06CA
          Source: C:\Users\user\Desktop\Locky.exeCode function: 0_2_008B0604 mov eax, dword ptr fs:[00000030h]0_2_008B0604
          Source: C:\Users\user\Desktop\Locky.exeCode function: 0_2_008B0604 mov eax, dword ptr fs:[00000030h]0_2_008B0604
          Source: C:\Users\user\Desktop\Locky.exeCode function: 0_2_008B0864 mov eax, dword ptr fs:[00000030h]0_2_008B0864
          Source: C:\Users\user\Desktop\Locky.exeCode function: 0_2_008B07D3 mov eax, dword ptr fs:[00000030h]0_2_008B07D3
          Source: C:\Users\user\Desktop\Locky.exeCode function: 0_2_008B05FD mov eax, dword ptr fs:[00000030h]0_2_008B05FD
          Source: C:\Users\user\Desktop\Locky.exeCode function: 0_2_008B0742 mov eax, dword ptr fs:[00000030h]0_2_008B0742
          Source: C:\Users\user\Desktop\Locky.exeCode function: 0_2_008B0751 mov eax, dword ptr fs:[00000030h]0_2_008B0751
          Source: C:\Users\user\Desktop\Locky.exeCode function: 0_2_008B0757 mov eax, dword ptr fs:[00000030h]0_2_008B0757
          Source: C:\Users\user\Desktop\Locky.exeCode function: 0_2_00A705E4 mov eax, dword ptr fs:[00000030h]0_2_00A705E4
          Source: C:\Users\user\Desktop\Locky.exeCode function: 0_2_00A706A7 mov eax, dword ptr fs:[00000030h]0_2_00A706A7
          Source: C:\Users\user\Desktop\Locky.exeCode function: 0_2_00A706CA mov eax, dword ptr fs:[00000030h]0_2_00A706CA
          Source: C:\Users\user\Desktop\Locky.exeCode function: 0_2_00A70604 mov eax, dword ptr fs:[00000030h]0_2_00A70604
          Source: C:\Users\user\Desktop\Locky.exeCode function: 0_2_00A70604 mov eax, dword ptr fs:[00000030h]0_2_00A70604
          Source: C:\Users\user\Desktop\Locky.exeCode function: 0_2_00A70864 mov eax, dword ptr fs:[00000030h]0_2_00A70864
          Source: C:\Users\user\Desktop\Locky.exeCode function: 0_2_00A707EC mov eax, dword ptr fs:[00000030h]0_2_00A707EC
          Source: C:\Users\user\Desktop\Locky.exeCode function: 0_2_00A705FD mov eax, dword ptr fs:[00000030h]0_2_00A705FD
          Source: C:\Users\user\Desktop\Locky.exeCode function: 0_2_00A707D3 mov eax, dword ptr fs:[00000030h]0_2_00A707D3
          Source: C:\Users\user\Desktop\Locky.exeCode function: 0_2_00A70742 mov eax, dword ptr fs:[00000030h]0_2_00A70742
          Source: C:\Users\user\Desktop\Locky.exeCode function: 0_2_00A70757 mov eax, dword ptr fs:[00000030h]0_2_00A70757
          Source: C:\Users\user\Desktop\Locky.exeCode function: 0_2_00A70751 mov eax, dword ptr fs:[00000030h]0_2_00A70751
          Source: C:\Users\user\Desktop\Locky.exeCode function: 0_2_00A805E4 mov eax, dword ptr fs:[00000030h]0_2_00A805E4
          Source: C:\Users\user\Desktop\Locky.exeCode function: 0_2_00A806A7 mov eax, dword ptr fs:[00000030h]0_2_00A806A7
          Source: C:\Users\user\Desktop\Locky.exeCode function: 0_2_00A806CA mov eax, dword ptr fs:[00000030h]0_2_00A806CA
          Source: C:\Users\user\Desktop\Locky.exeCode function: 0_2_00A80604 mov eax, dword ptr fs:[00000030h]0_2_00A80604
          Source: C:\Users\user\Desktop\Locky.exeCode function: 0_2_00A80604 mov eax, dword ptr fs:[00000030h]0_2_00A80604
          Source: C:\Users\user\Desktop\Locky.exeCode function: 0_2_00A80864 mov eax, dword ptr fs:[00000030h]0_2_00A80864
          Source: C:\Users\user\Desktop\Locky.exeCode function: 0_2_00A807EC mov eax, dword ptr fs:[00000030h]0_2_00A807EC
          Source: C:\Users\user\Desktop\Locky.exeCode function: 0_2_00A805FD mov eax, dword ptr fs:[00000030h]0_2_00A805FD
          Source: C:\Users\user\Desktop\Locky.exeCode function: 0_2_00A807D3 mov eax, dword ptr fs:[00000030h]0_2_00A807D3
          Source: C:\Users\user\Desktop\Locky.exeCode function: 0_2_00A80742 mov eax, dword ptr fs:[00000030h]0_2_00A80742
          Source: C:\Users\user\Desktop\Locky.exeCode function: 0_2_00A80751 mov eax, dword ptr fs:[00000030h]0_2_00A80751
          Source: C:\Users\user\Desktop\Locky.exeCode function: 0_2_00A80757 mov eax, dword ptr fs:[00000030h]0_2_00A80757
          Source: C:\Users\user\Desktop\Locky.exeCode function: 0_2_00A905E4 mov eax, dword ptr fs:[00000030h]0_2_00A905E4
          Source: C:\Users\user\Desktop\Locky.exeCode function: 0_2_00A906A7 mov eax, dword ptr fs:[00000030h]0_2_00A906A7
          Source: C:\Users\user\Desktop\Locky.exeCode function: 0_2_00A906CA mov eax, dword ptr fs:[00000030h]0_2_00A906CA
          Source: C:\Users\user\Desktop\Locky.exeCode function: 0_2_00A90604 mov eax, dword ptr fs:[00000030h]0_2_00A90604
          Source: C:\Users\user\Desktop\Locky.exeCode function: 0_2_00A90604 mov eax, dword ptr fs:[00000030h]0_2_00A90604
          Source: C:\Users\user\Desktop\Locky.exeCode function: 0_2_00A90864 mov eax, dword ptr fs:[00000030h]0_2_00A90864
          Source: C:\Users\user\Desktop\Locky.exeCode function: 0_2_00A907EC mov eax, dword ptr fs:[00000030h]0_2_00A907EC
          Source: C:\Users\user\Desktop\Locky.exeCode function: 0_2_00A905FD mov eax, dword ptr fs:[00000030h]0_2_00A905FD
          Source: C:\Users\user\Desktop\Locky.exeCode function: 0_2_00A907D3 mov eax, dword ptr fs:[00000030h]0_2_00A907D3
          Source: C:\Users\user\Desktop\Locky.exeCode function: 0_2_00A90742 mov eax, dword ptr fs:[00000030h]0_2_00A90742
          Source: C:\Users\user\Desktop\Locky.exeCode function: 0_2_00A90751 mov eax, dword ptr fs:[00000030h]0_2_00A90751
          Source: C:\Users\user\Desktop\Locky.exeCode function: 0_2_00A90757 mov eax, dword ptr fs:[00000030h]0_2_00A90757
          Source: C:\Users\user\Desktop\Locky.exeCode function: 0_2_00AA05E4 mov eax, dword ptr fs:[00000030h]0_2_00AA05E4
          Source: C:\Users\user\Desktop\Locky.exeCode function: 0_2_00AA06A7 mov eax, dword ptr fs:[00000030h]0_2_00AA06A7
          Source: C:\Users\user\Desktop\Locky.exeCode function: 0_2_00AA06CA mov eax, dword ptr fs:[00000030h]0_2_00AA06CA
          Source: C:\Users\user\Desktop\Locky.exeCode function: 0_2_00AA0604 mov eax, dword ptr fs:[00000030h]0_2_00AA0604
          Source: C:\Users\user\Desktop\Locky.exeCode function: 0_2_00AA0604 mov eax, dword ptr fs:[00000030h]0_2_00AA0604
          Source: C:\Users\user\Desktop\Locky.exeCode function: 0_2_00AA0864 mov eax, dword ptr fs:[00000030h]0_2_00AA0864
          Source: C:\Users\user\Desktop\Locky.exeCode function: 0_2_00AA07EC mov eax, dword ptr fs:[00000030h]0_2_00AA07EC
          Source: C:\Users\user\Desktop\Locky.exeCode function: 0_2_00AA05FD mov eax, dword ptr fs:[00000030h]0_2_00AA05FD
          Source: C:\Users\user\Desktop\Locky.exeCode function: 0_2_00AA07D3 mov eax, dword ptr fs:[00000030h]0_2_00AA07D3
          Source: C:\Users\user\Desktop\Locky.exeCode function: 0_2_00AA0742 mov eax, dword ptr fs:[00000030h]0_2_00AA0742
          Source: C:\Users\user\Desktop\Locky.exeCode function: 0_2_00AA0751 mov eax, dword ptr fs:[00000030h]0_2_00AA0751
          Source: C:\Users\user\Desktop\Locky.exeCode function: 0_2_00AA0757 mov eax, dword ptr fs:[00000030h]0_2_00AA0757
          Source: C:\Users\user\Desktop\Locky.exeCode function: 0_2_00AB05E4 mov eax, dword ptr fs:[00000030h]0_2_00AB05E4
          Source: C:\Users\user\Desktop\Locky.exeCode function: 0_2_00AB06A7 mov eax, dword ptr fs:[00000030h]0_2_00AB06A7
          Source: C:\Users\user\Desktop\Locky.exeCode function: 0_2_00AB06CA mov eax, dword ptr fs:[00000030h]0_2_00AB06CA
          Source: C:\Users\user\Desktop\Locky.exeCode function: 0_2_00AB0604 mov eax, dword ptr fs:[00000030h]0_2_00AB0604
          Source: C:\Users\user\Desktop\Locky.exeCode function: 0_2_00AB0604 mov eax, dword ptr fs:[00000030h]0_2_00AB0604
          Source: C:\Windows\SysWOW64\WerFault.exeProcess token adjusted: DebugJump to behavior

          Mitre Att&ck Matrix

          Initial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionExfiltrationCommand and ControlNetwork EffectsRemote Service EffectsImpact
          Valid AccountsWindows Remote ManagementWinlogon Helper DLLProcess Injection1Masquerading11Credential DumpingVirtualization/Sandbox Evasion2Application Deployment SoftwareData from Local SystemData Encrypted1Standard Cryptographic Protocol1Eavesdrop on Insecure Network CommunicationRemotely Track Device Without AuthorizationModify System Partition
          Replication Through Removable MediaService ExecutionPort MonitorsAccessibility FeaturesVirtualization/Sandbox Evasion2Network SniffingProcess Discovery1Remote ServicesData from Removable MediaExfiltration Over Other Network MediumFallback ChannelsExploit SS7 to Redirect Phone Calls/SMSRemotely Wipe Data Without AuthorizationDevice Lockout
          External Remote ServicesWindows Management InstrumentationAccessibility FeaturesPath InterceptionProcess Injection1Input CaptureSecurity Software Discovery1Windows Remote ManagementData from Network Shared DriveAutomated ExfiltrationCustom Cryptographic ProtocolExploit SS7 to Track Device LocationObtain Device Cloud BackupsDelete Device Data
          Drive-by CompromiseScheduled TaskSystem FirmwareDLL Search Order HijackingDLL Side-Loading1Credentials in FilesSystem Information Discovery11Logon ScriptsInput CaptureData EncryptedMultiband CommunicationSIM Card SwapPremium SMS Toll Fraud
          Exploit Public-Facing ApplicationCommand-Line InterfaceShortcut ModificationFile System Permissions WeaknessObfuscated Files or Information1Account ManipulationRemote System Discovery1Shared WebrootData StagedScheduled TransferStandard Cryptographic ProtocolManipulate Device CommunicationManipulate App Store Rankings or Ratings
          Hide Legend

          Legend:

          • Process
          • Signature
          • Created File
          • DNS/IP Info
          • Is Dropped
          • Is Windows Process
          • Number of created Registry Values
          • Number of created Files
          • Visual Basic
          • Delphi
          • Java
          • .Net C# or VB.NET
          • C, C++ or other language
          • Is malicious
          • Internet
          behaviorgraph top1 signatures2 2 Behavior Graph ID: 230133 Sample: Locky Startdate: 14/05/2020 Architecture: WINDOWS Score: 68 13 Antivirus detection for sample 2->13 15 Multi AV Scanner detection for submitted file 2->15 17 Yara detected Locky ransomware 2->17 19 Machine Learning detection for sample 2->19 6 Locky.exe 8 2->6         started        process3 process4 8 WerFault.exe 25 10 6->8         started        file5 11 C:\ProgramData\Microsoft\...\Report.wer, Little-endian 8->11 dropped

          Thumbnails

          This section contains all screenshots as thumbnails, including those not shown in the slideshow.

          windows-stand
          Behavior
          Click here to start
          Slideshow Behavior Animation
          • System is w10x64
          • Locky.exe (PID: 2320 cmdline: 'C:\Users\user\Desktop\Locky.exe' MD5: B06D9DD17C69ED2AE75D9E40B2631B42)
            • WerFault.exe (PID: 5524 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 2320 -s 452 MD5: 80E91E3C0F5563E4049B62FCAF5D67AC)
          • cleanup
          SourceDetectionScannerLabelLink
          Locky.exe94%VirustotalBrowse
          Locky.exe90%MetadefenderBrowse
          Locky.exe96%ReversingLabsWin32.Trojan.Locky
          Locky.exe100%AviraTR/Agent.53465
          Locky.exe100%Joe Sandbox ML
          No Antivirus matches
          SourceDetectionScannerLabelLinkDownload
          0.2.Locky.exe.400000.0.unpack100%AviraHEUR/AGEN.1034763Download File
          0.0.Locky.exe.400000.0.unpack100%AviraHEUR/AGEN.1034763Download File
          No Antivirus matches
          No Antivirus matches

          Download Network PCAP: filteredfull

          No contacted domains info
          No contacted IP infos

          General Information

          Joe Sandbox Version:28.0.0 Lapis Lazuli
          Analysis ID:230133
          Start date:14.05.2020
          Start time:08:23:38
          Joe Sandbox Product:CloudBasic
          Overall analysis duration:0h 6m 21s
          Hypervisor based Inspection enabled:false
          Report type:full
          Sample file name:Locky (renamed file extension from none to exe)
          Cookbook file name:default.jbs
          Analysis system description:Windows 10 64 bit (version 1803) with Office 2016, Adobe Reader DC 19, Chrome 70, Firefox 63, Java 8.171, Flash 30.0.0.113
          Number of analysed new started processes analysed:8
          Number of new started drivers analysed:0
          Number of existing processes analysed:0
          Number of existing drivers analysed:0
          Number of injected processes analysed:0
          Technologies:
          • HCA enabled
          • EGA enabled
          • HDC enabled
          • AMSI enabled
          Analysis Mode:default
          Analysis stop reason:Timeout
          Detection:MAL
          Classification:mal68.rans.winEXE@2/4@0/0
          EGA Information:
          • Successful, ratio: 100%
          HDC Information:
          • Successful, ratio: 1.5% (good quality ratio 1.3%)
          • Quality average: 69.8%
          • Quality standard deviation: 37.5%
          HCA Information:
          • Successful, ratio: 92%
          • Number of executed functions: 259
          • Number of non-executed functions: 99
          Cookbook Comments:
          • Adjust boot time
          • Enable AMSI
          • Stop behavior analysis, all processes terminated
          Warnings:
          • Exclude process from analysis (whitelisted): WerFault.exe, MusNotifyIcon.exe, svchost.exe, UsoClient.exe
          • Excluded IPs from analysis (whitelisted): 8.248.147.254, 67.27.159.126, 8.253.204.249, 8.248.133.254, 67.26.81.254, 2.18.68.82, 51.104.136.2, 40.127.240.158, 52.158.208.111
          • Excluded domains from analysis (whitelisted): umwatson.trafficmanager.net, fs.microsoft.com, audownload.windowsupdate.nsatc.net, ctldl.windowsupdate.com, e1723.g.akamaiedge.net, settings-win.data.microsoft.com, auto.au.download.windowsupdate.com.c.footprint.net, watson.telemetry.microsoft.com, prod.fs.microsoft.com.akadns.net, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, settingsfd-geo.trafficmanager.net
          • Report size getting too big, too many NtAllocateVirtualMemory calls found.
          • Report size getting too big, too many NtOpenKeyEx calls found.
          TimeTypeDescription
          08:24:09API Interceptor690x Sleep call for process: Locky.exe modified
          08:25:38API Interceptor1x Sleep call for process: WerFault.exe modified
          No context
          No context
          No context
          No context
          No context
          C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_Locky.exe_cf7f314a41a72ba64d6a344af1e178bf365a56b_073a1385_15c6737b\Report.wer
          Process:C:\Windows\SysWOW64\WerFault.exe
          File Type:Little-endian UTF-16 Unicode text, with CRLF line terminators
          Size (bytes):9494
          Entropy (8bit):3.7737750687541154
          Encrypted:false
          MD5:B651CDA17856DA50A0B203ED3149C982
          SHA1:B98D4546839859460C098C937846634FCB228FA9
          SHA-256:DC10767D63D435BCD2DC586E3BEF835CFCA7297BDBF11DD5107B2202A847EC90
          SHA-512:E8FB0391E2FC239366C5267531C292345830FBFA3BCFA732C7821CA033EE105D0047BA8469C30141DAB574354FFE15BCC51F9D91D5260247C451F8196F29827D
          Malicious:true
          Reputation:low
          Preview: ..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.A.P.P.C.R.A.S.H.....E.v.e.n.t.T.i.m.e.=.1.3.2.3.3.9.1.1.1.3.4.6.2.8.6.4.5.7.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....U.p.l.o.a.d.T.i.m.e.=.1.3.2.3.3.9.1.1.1.3.7.3.7.3.2.8.6.3.....R.e.p.o.r.t.S.t.a.t.u.s.=.2.6.8.4.3.5.4.5.6.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.5.0.0.b.7.8.3.7.-.c.c.8.9.-.4.d.7.3.-.a.0.4.0.-.d.a.8.5.2.1.2.2.8.9.6.0.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.3.3.5.0.0.f.b.6.-.3.6.7.0.-.4.c.c.d.-.a.4.7.7.-.1.5.7.d.5.b.4.8.2.7.2.2.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....W.o.w.6.4.G.u.e.s.t.=.3.3.2.....N.s.A.p.p.N.a.m.e.=.L.o.c.k.y...e.x.e.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.0.9.1.0.-.0.0.0.1.-.0.0.2.3.-.1.1.d.0.-.4.3.4.6.b.8.2.9.d.6.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.6.2.7.2.2.a.5.4.c.1.b.a.3.3.6.3.9.f.7.c.c.2.3.c.3.9.d.f.9.d.f.6.5.0.0.0.0.f.f.f.f.!.0.0.0.0.b.6.0.6.a.a.a.4.0.2.b.f.e.4.a.1.5.e.f.8.0.1.6.5.e.9.6.4.d.3.8.4.f.2.5.5.6.4.e.4.!.L.o.c.k.y...e.x.e.....T.a.r.g.e.t.A.p.p.V.e.r.=.2.0.0.
          C:\ProgramData\Microsoft\Windows\WER\Temp\WER64D5.tmp.dmp
          Process:C:\Windows\SysWOW64\WerFault.exe
          File Type:Mini DuMP crash report, 14 streams, Thu May 14 06:25:35 2020, 0x1205a4 type
          Size (bytes):1064228
          Entropy (8bit):1.8590230819487539
          Encrypted:false
          MD5:576E5C4F95B3AA233B373DF059BAF30C
          SHA1:7F6AD8A030007731BD5E655D575513E10F48FFDC
          SHA-256:B75A927039F60FA20C06B24C45CD2A77F1F9FF71D22CE02F5DB4289FF5115E96
          SHA-512:8BD665405AF5058804B80BEBE8309944C72EA48474BA8F0CDA22F36FEEF18FBF3DC072B4F195DFA81AE1FD5EA3C6440538977EE1B62B9FEC575667C285976950
          Malicious:false
          Reputation:low
          Preview: MDMP....... ......._.^...................?...........B......x.......GenuineIntel............T.............^.............................0..2...............W... .E.u.r.o.p.e. .S.t.a.n.d.a.r.d. .T.i.m.e.......................................W... .E.u.r.o.p.e. .D.a.y.l.i.g.h.t. .T.i.m.e.......................................1.7.1.3.4...1...x.8.6.f.r.e...r.s.4._.r.e.l.e.a.s.e...1.8.0.4.1.0.-.1.8.0.4.............................................................................................................................................................................................................................................................................................................................................................................................................................................................d.b.g.c.o.r.e...i.3.8.6.,.1.0...0...1.7.1.3.4...1.........................................................................................................
          C:\ProgramData\Microsoft\Windows\WER\Temp\WER6D52.tmp.WERInternalMetadata.xml
          Process:C:\Windows\SysWOW64\WerFault.exe
          File Type:XML 1.0 document, Little-endian UTF-16 Unicode text, with CRLF line terminators
          Size (bytes):8296
          Entropy (8bit):3.6999155957209426
          Encrypted:false
          MD5:3E30F3CB3E507E67C56838067E44B2D9
          SHA1:3BD55A4D0C05EC684DED3F10A25DC975A6A4CF6A
          SHA-256:EAC93A44CCF5DCA4B850F37252E13FD4F0D81D6A2017FE82DB877823295D29D3
          SHA-512:C27F6A20AC26EAEC00C1FF2CD348E3942F15FD24C90C42257B4848E23C633023A86391758BE4459CC7C3EDD0B7DE6337E735C31D20373E2E2E427B5939B1D122
          Malicious:false
          Reputation:low
          Preview: ..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.7.1.3.4.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.7.1.3.4...1.6.5...a.m.d.6.4.f.r.e...r.s.4._.r.e.l.e.a.s.e...1.8.0.4.1.0.-.1.8.0.4.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.1.6.5.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.1.0.3.3.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.2.3.2.0.<./.P.i.d.
          C:\ProgramData\Microsoft\Windows\WER\Temp\WER6DEF.tmp.xml
          Process:C:\Windows\SysWOW64\WerFault.exe
          File Type:XML 1.0 document, ASCII text, with CRLF line terminators
          Size (bytes):4509
          Entropy (8bit):4.4695697308623625
          Encrypted:false
          MD5:FEC9F820D686D9CBD4DB6E69F88D752D
          SHA1:9E1E33DB3F2C2CAAEF8EF8983A329704F35D67F5
          SHA-256:6E98BE6D5546E6D75A6A24802F702ABB2396D208AEC578139650AF5D95031AB5
          SHA-512:6A41FB602918A17308B548297F27D384DEDCB0B2686DCCB2643F2DE4C8FAA8C75AED6D51511C9BFAB65F401EBEBC04306605F49908EFEE81DDE6A0A9C0D40734
          Malicious:false
          Reputation:low
          Preview: <?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="17134" />.. <arg nm="vercsdbld" val="165" />.. <arg nm="verqfe" val="165" />.. <arg nm="csdbld" val="165" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="1033" />.. <arg nm="geoid" val="244" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="967522" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.165.17134.0-11.0.75" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="2048" />

          Static File Info

          General

          File type:PE32 executable (GUI) Intel 80386, for MS Windows
          Entropy (8bit):6.774164647726848
          TrID:
          • Win32 Executable (generic) a (10002005/4) 99.96%
          • Generic Win/DOS Executable (2004/3) 0.02%
          • DOS Executable Generic (2002/1) 0.02%
          • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
          File name:Locky.exe
          File size:184320
          MD5:b06d9dd17c69ed2ae75d9e40b2631b42
          SHA1:b606aaa402bfe4a15ef80165e964d384f25564e4
          SHA256:bc98c8b22461a2c2631b2feec399208fdc4ecd1cd2229066c2f385caa958daa3
          SHA512:8e54aca4feb51611142c1f2bf303200113604013c2603eea22d72d00297cb1cb40a2ef11f5129989cd14f90e495db79bffd15bd6282ff564c4af7975b1610c1c
          SSDEEP:3072:gzWgfLlUc7CIJ1tkZaQyjhOosc8MKi6KDXnLCtyAR0u1cZ86:gdLl4wkZa/UDiD7ukst1H6
          File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........R...3`..3`..3`.r,j..3`../n..3`.r,d..3`..3a..3`..,s..3`..3`..3`.r,k..3`."5f..3`.Rich.3`.........PE..L....>.B...................

          File Icon

          Icon Hash:0b03039bb7b199ab

          General

          Entrypoint:0x40c0dc
          Entrypoint Section:.text
          Digitally signed:false
          Imagebase:0x400000
          Subsystem:windows gui
          Image File Characteristics:LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED
          DLL Characteristics:
          Time Stamp:0x42B63E17 [Mon Jun 20 03:55:03 2005 UTC]
          TLS Callbacks:
          CLR (.Net) Version:
          OS Version Major:4
          OS Version Minor:0
          File Version Major:4
          File Version Minor:0
          Subsystem Version Major:4
          Subsystem Version Minor:0
          Import Hash:0fcea3af550ad0a893e93808dccf17f4
          Instruction
          push ebp
          mov ebp, esp
          push FFFFFFFFh
          push 0040D2C8h
          push 00407625h
          mov eax, dword ptr fs:[00000000h]
          push eax
          mov dword ptr fs:[00000000h], esp
          sub esp, 68h
          push ebx
          push esi
          push edi
          mov dword ptr [ebp-18h], esp
          xor ebx, ebx
          mov dword ptr [ebp-04h], ebx
          push 00000002h
          call dword ptr [00400D74h]
          pop ecx
          or dword ptr [007B67E8h], FFFFFFFFh
          or dword ptr [007B67ECh], FFFFFFFFh
          call dword ptr [0040D0FCh]
          mov ecx, dword ptr [007B67E4h]
          mov dword ptr [eax], ecx
          call dword ptr [0040D0E8h]
          mov ecx, dword ptr [007B67E0h]
          mov dword ptr [eax], ecx
          mov eax, dword ptr [0040D104h]
          mov eax, dword ptr [eax]
          mov dword ptr [007B67F0h], eax
          call 00007F34985B2515h
          cmp dword ptr [004127B0h], ebx
          jne 00007F34985B240Eh
          push 0040C258h
          call dword ptr [0040D108h]
          pop ecx
          call 00007F34985B24E7h
          push 0040F00Ch
          push 0040F008h
          call 00007F34985B24D2h
          mov eax, dword ptr [007B67DCh]
          mov dword ptr [ebp-6Ch], eax
          lea eax, dword ptr [ebp-6Ch]
          push eax
          push dword ptr [007B67D8h]
          lea eax, dword ptr [ebp-64h]
          push eax
          lea eax, dword ptr [ebp-70h]
          push eax
          lea eax, dword ptr [ebp-60h]
          push eax
          call dword ptr [0040D110h]
          push 0040F004h
          push 0040F000h
          call 00007F34985B249Fh
          Programming Language:
          • [ C ] VS98 (6.0) build 8168
          • [RES] VS98 (6.0) cvtres build 1720
          • [C++] VS98 (6.0) build 8168
          • [LNK] VS98 (6.0) imp/exp build 8168
          NameVirtual AddressVirtual Size Is in Section
          IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
          IMAGE_DIRECTORY_ENTRY_IMPORT0xd2d40x8c.rdata
          IMAGE_DIRECTORY_ENTRY_RESOURCE0x3b70000x190c8.rsrc
          IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
          IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
          IMAGE_DIRECTORY_ENTRY_BASERELOC0x00x0
          IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
          IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
          IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
          IMAGE_DIRECTORY_ENTRY_TLS0x00x0
          IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
          IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
          IMAGE_DIRECTORY_ENTRY_IAT0xd0000x270.rdata
          IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
          IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
          IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0
          NameVirtual AddressVirtual SizeRaw SizeXored PEZLIB ComplexityFile TypeEntropyCharacteristics
          .text0x10000xb2cc0xc000False0.669230143229data6.53694188411IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
          .rdata0xd0000x10c20x2000False0.255859375data3.3412568532IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
          .data0xf0000x3a77f40x4000unknownunknownunknownunknownIMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
          .rsrc0x3b70000x190c80x1a000False0.797964242788data7.04430456199IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
          NameRVASizeTypeLanguageCountry
          RT_ICON0x3b8df00xb2ddata
          RT_ICON0x3b96300xb90data
          RT_ICON0x3b9e700xaebdata
          RT_ICON0x3ba6b00x94cdata
          RT_MENU0x3b7b280x4edata
          RT_MENU0x3b7b780x21edata
          RT_DIALOG0x3b7d980x162data
          RT_DIALOG0x3b7f000x192data
          RT_DIALOG0x3b80980x17edata
          RT_DIALOG0x3b82180xeedata
          RT_DIALOG0x3b83080xb8data
          RT_DIALOG0x3b83c00x180data
          RT_DIALOG0x3b85400x96data
          RT_DIALOG0x3b85d80x128data
          RT_DIALOG0x3b87000x1b6data
          RT_DIALOG0x3b88b80xb8data
          RT_DIALOG0x3b89700xb0data
          RT_DIALOG0x3b8a200x172data
          RT_DIALOG0x3b8b980xfcdata
          RT_DIALOG0x3b8c980x152data
          RT_ACCELERATOR0x3baf180x18data
          RT_ACCELERATOR0x3baf300x20data
          RT_ACCELERATOR0x3baf500x20data
          RT_ACCELERATOR0x3baf700x48data
          RT_ACCELERATOR0x3bafb80x60data
          RT_ACCELERATOR0x3bb0180x30data
          RT_ACCELERATOR0x3bb0480x68data
          RT_ACCELERATOR0x3bb0b00x40data
          RT_ACCELERATOR0x3bb0f00x40data
          RT_ACCELERATOR0x3bb1300x28data
          None0x3baef00x5data
          None0x3bb1580x121d5data
          None0x3cd3300x2d96data
          None0x3baf100x1very short file (no magic)
          None0x3baef80x12data
          RT_GROUP_ICON0x3b96180x14data
          RT_GROUP_ICON0x3b9e580x14data
          RT_GROUP_ICON0x3ba6980x14data
          RT_GROUP_ICON0x3baed80x14data
          RT_VERSION0x3b78400x2e8data
          DLLImport
          ADVAPI32.dllGetSecurityDescriptorDacl, RegisterEventSourceA, RegQueryInfoKeyA, GetSidSubAuthorityCount, RegSetValueExA, RegDeleteKeyA, GetKernelObjectSecurity, RegCloseKey, RegQueryValueA, RegLoadKeyA, GetSidSubAuthority, RegConnectRegistryA, LookupPrivilegeValueA, InitiateSystemShutdownA, CreateProcessAsUserA, GetSidIdentifierAuthority, OpenThreadToken, LsaQueryInformationPolicy, RegQueryValueW, EncryptFileW, RegSetValueW, MakeAbsoluteSD, RegOpenKeyExA, RegCreateKeyExW, AddAce, SetNamedSecurityInfoW, OpenEventLogW, GetUserNameW, SetSecurityDescriptorSacl, MakeSelfRelativeSD, RegFlushKey, InitializeSecurityDescriptor, InitializeAcl, SetEntriesInAclA, GetSidLengthRequired, RegSetValueA, SetEntriesInAclW, GetAclInformation
          USER32.dllDrawIconEx, IsDialogMessageA, OffsetRect, PostThreadMessageW, DialogBoxParamA, GetLastActivePopup, GetGUIThreadInfo, DrawStateA, IsWindow, OpenClipboard, InSendMessage, FindWindowW, IsMenu, EnumDisplaySettingsA, DrawAnimatedRects, FrameRect, SetMenuDefaultItem, GrayStringW, CreateDialogIndirectParamW, ClientToScreen, GetParent, TranslateMDISysAccel, CreateDesktopW, ShowCaret, GetProcessWindowStation, TrackPopupMenu, IntersectRect, DialogBoxIndirectParamA, DefWindowProcA, ReuseDDElParam, NotifyWinEvent, SetClipboardData, CloseClipboard, DdeDisconnect, GetClassNameA, GetCaretPos, CharLowerW, GetWindowModuleFileNameA, IsWindowVisible, wvsprintfA, ModifyMenuA, SendDlgItemMessageW, SetCaretBlinkTime, LoadMenuW, GetMenuState, DrawTextExA, ChangeDisplaySettingsW, CreateWindowExW, GetCapture, CreatePopupMenu, SetMenu, CharUpperBuffW, DrawStateW, LoadImageA, GetScrollPos, GetDlgItem, GetClipboardFormatNameW, ValidateRgn, GetWindowThreadProcessId, GetClassInfoExW, DdeAccessData, ShowWindow, GetKeyboardLayout, GetClassInfoW, SetCaretPos, LoadCursorA, FillRect, LoadMenuA, mouse_event, ModifyMenuW, InvalidateRgn, GetMenuItemID, IsIconic, OemToCharA, LoadCursorFromFileW, RegisterWindowMessageA, DispatchMessageW, GetCursorPos, CharPrevA, GetWindowWord
          IMM32.dllImmGetProperty, ImmGetCandidateListCountA, ImmGetCompositionStringA, ImmSetConversionStatus, ImmSetOpenStatus, ImmCreateContext, ImmGetOpenStatus, ImmNotifyIME, ImmInstallIMEA, ImmGetContext, ImmDestroyContext, ImmSimulateHotKey, ImmConfigureIMEA, ImmAssociateContext
          RASAPI32.dllRasDialA, RasGetProjectionInfoA
          KERNEL32.dllWriteFileGather, PulseEvent, GetLongPathNameA
          DescriptionData
          LegalCopyrightIntend (C) 2013
          InternalName
          FileVersion0.37.213.27
          CompanyNameFileSee.com
          PrivateBuild
          LegalTrademarks
          Comments
          ProductNameLipreading Fenced
          SpecialBuild
          ProductVersion0.144.212.113
          FileDescription
          OriginalFilename

          Network Behavior

          Download Network PCAP: filteredfull

          TimestampSource PortDest PortSource IPDest IP
          May 14, 2020 08:24:43.915163040 CEST4997153192.168.2.68.8.8.8
          May 14, 2020 08:24:43.940545082 CEST53499718.8.8.8192.168.2.6
          May 14, 2020 08:25:00.766048908 CEST6113953192.168.2.68.8.8.8
          May 14, 2020 08:25:00.811672926 CEST53611398.8.8.8192.168.2.6
          May 14, 2020 08:25:03.822190046 CEST5813953192.168.2.68.8.8.8
          May 14, 2020 08:25:03.872055054 CEST53581398.8.8.8192.168.2.6
          May 14, 2020 08:25:04.469990015 CEST5765353192.168.2.68.8.8.8
          May 14, 2020 08:25:04.531723976 CEST53576538.8.8.8192.168.2.6
          May 14, 2020 08:25:04.860331059 CEST6108353192.168.2.68.8.8.8
          May 14, 2020 08:25:04.893973112 CEST53610838.8.8.8192.168.2.6
          May 14, 2020 08:25:05.077032089 CEST6112253192.168.2.68.8.8.8
          May 14, 2020 08:25:05.125576019 CEST53611228.8.8.8192.168.2.6
          May 14, 2020 08:25:37.817317963 CEST5055853192.168.2.68.8.8.8
          May 14, 2020 08:25:37.842662096 CEST53505588.8.8.8192.168.2.6

          Code Manipulations

          Statistics

          CPU Usage

          050100150200s020406080100

          Click to jump to process

          Memory Usage

          050100150200s0.005101520MB

          Click to jump to process

          High Level Behavior Distribution

          • File
          • Registry

          Click to dive into process behavior distribution

          Behavior

          Click to jump to process

          System Behavior

          Start time:08:25:33
          Start date:14/05/2020
          Path:C:\Windows\SysWOW64\WerFault.exe
          Wow64 process (32bit):true
          Commandline:C:\Windows\SysWOW64\WerFault.exe -u -p 2320 -s 452
          Imagebase:0x2c0000
          File size:434584 bytes
          MD5 hash:80E91E3C0F5563E4049B62FCAF5D67AC
          Has administrator privileges:false
          Programmed in:C, C++ or other language
          Reputation:high

          Disassembly

          Code Analysis

          Execution Graph

          Execution Coverage

          Dynamic/Packed Code Coverage

          Signature Coverage

          Execution Coverage:2.8%
          Dynamic/Decrypted Code Coverage:80.3%
          Signature Coverage:3.5%
          Total number of Nodes:173
          Total number of Limit Nodes:24

          Graph

          Show Legend
          Hide Nodes/Edges
          execution_graph 61017 ab182c 61021 ab17af 61017->61021 61018 ab184f RegOpenKeyExA 61019 ab190b 61018->61019 61018->61021 61020 ab187d 61021->61018 61021->61020 60595 1c1713 60596 1c1716 60595->60596 60599 1c191a 60596->60599 60598 1c173b 60600 1c1926 60599->60600 60608 1c196c 60600->60608 60602 1c195f 60615 1c19c2 60602->60615 60604 1c19b5 60605 1c1a4a RegOpenKeyExA 60604->60605 60607 1c1a70 60604->60607 60605->60604 60606 1c1b04 60605->60606 60606->60598 60607->60598 60609 1c1978 60608->60609 60610 1c19c2 RegOpenKeyExA 60609->60610 60611 1c19b5 60610->60611 60612 1c1a4a RegOpenKeyExA 60611->60612 60614 1c1a70 60611->60614 60612->60611 60613 1c1b04 60612->60613 60613->60602 60614->60602 60616 1c19d0 60615->60616 60617 1c1a4a RegOpenKeyExA 60616->60617 60619 1c1a70 60616->60619 60617->60616 60618 1c1b04 60617->60618 60618->60604 60619->60604 61031 8b1713 61032 8b1716 61031->61032 61033 8b191a 3 API calls 61032->61033 61034 8b173b 61033->61034 61035 8b0417 61036 8b041a GlobalAlloc 61035->61036 61037 8b043e 61036->61037 61038 40c0dc 61039 40c10f 61038->61039 61040 40c1d9 PulseEvent 61039->61040 61041 40c1ec WriteFileGather 61040->61041 61043 40c210 61041->61043 60620 1c182c 60621 1c182f 60620->60621 60622 1c184f RegOpenKeyExA 60621->60622 60623 1c1860 60622->60623 61067 a90417 61068 a9041a GlobalAlloc 61067->61068 61069 a9043e 61068->61069 61076 a904a7 61069->61076 61071 a90491 61082 a90544 61071->61082 61073 a90539 61074 a905bf GlobalFree 61073->61074 61075 a905d1 61074->61075 61077 a904b5 61076->61077 61077->61071 61078 a90544 GlobalFree 61077->61078 61079 a90539 61078->61079 61080 a905bf GlobalFree 61079->61080 61081 a905d1 61080->61081 61081->61071 61083 a90552 61082->61083 61084 a905bf GlobalFree 61083->61084 61085 a905d1 61084->61085 61085->61073 61105 1c0ad8 61106 1c0ad9 EnumWindows 61105->61106 61107 1c0ae4 61106->61107 60639 1c0259 60640 1c025c OpenSCManagerA 60639->60640 60641 1c026b 60640->60641 60648 ab01e1 60649 ab01ef 60648->60649 60650 ab025c OpenSCManagerA 60649->60650 60651 ab026b 60650->60651 61159 1c08d7 61160 1c08da 61159->61160 61161 1c191a 3 API calls 61160->61161 61163 1c08fb 61161->61163 61162 1c0904 61163->61162 61165 1c09f9 61163->61165 61168 1c0a04 EnumWindows 61163->61168 61169 1c0aaf EnumWindows 61165->61169 61167 1c0a8d 61168->61165 61169->61167 61170 1c23d7 61171 1c23da Sleep 61170->61171 61172 1c23e6 61171->61172 60652 ab05e4 60663 ab088a 60652->60663 60664 ab089a 60663->60664 60667 ab08b5 EnumWindows 60664->60667 60666 ab089f 60667->60666 60671 1c1f48 60674 1c05e4 60671->60674 60684 1c088a 60674->60684 60685 1c089a 60684->60685 60688 1c08b5 EnumWindows RegOpenKeyExA RegOpenKeyExA RegOpenKeyExA 60685->60688 60687 1c089f 60688->60687 60743 1c0a44 60744 1c0a47 60743->60744 60747 1c0aaf EnumWindows 60744->60747 60746 1c0a8d 60747->60746 60763 8b08d7 60764 8b08da 60763->60764 60772 8b191a 60764->60772 60766 8b0904 60767 8b08fb 60767->60766 60769 8b09f9 60767->60769 60781 8b0a04 EnumWindows 60767->60781 60782 8b0aaf EnumWindows 60769->60782 60771 8b0a8d 60773 8b1926 60772->60773 60783 8b196c 60773->60783 60775 8b195f 60790 8b19c2 60775->60790 60777 8b19b5 60778 8b1a4a RegOpenKeyExA 60777->60778 60780 8b1a70 60777->60780 60778->60777 60779 8b1b04 60778->60779 60779->60767 60780->60767 60781->60769 60782->60771 60784 8b1978 60783->60784 60785 8b19c2 RegOpenKeyExA 60784->60785 60786 8b19b5 60785->60786 60787 8b1a4a RegOpenKeyExA 60786->60787 60789 8b1a70 60786->60789 60787->60786 60788 8b1b04 60787->60788 60788->60775 60789->60775 60791 8b19d0 60790->60791 60792 8b1a4a RegOpenKeyExA 60791->60792 60794 8b1a70 60791->60794 60792->60791 60793 8b1b04 60792->60793 60793->60777 60794->60777 60798 ab22c8 60799 ab22d6 60798->60799 60804 ab235f 60799->60804 60801 ab2359 60802 ab23da Sleep 60801->60802 60803 ab23e6 60802->60803 60805 ab236d 60804->60805 60806 ab23da Sleep 60805->60806 60807 ab23e6 60806->60807 60807->60801 60808 407625 60809 40762e 60808->60809 60816 40bae0 60809->60816 60811 407682 60812 40bae0 37 API calls 60811->60812 60813 407689 60812->60813 60814 40bae0 37 API calls 60813->60814 60815 40768e 60814->60815 60817 40bb2d ImmSetConversionStatus 60816->60817 60819 40bc09 ImmSetConversionStatus 60817->60819 60821 40bc3d ImmSetOpenStatus 60819->60821 60823 40bc63 ImmSetOpenStatus ImmSetConversionStatus ImmCreateContext 60821->60823 60824 40bc5f 60821->60824 60825 40bc91 60823->60825 60826 40bc97 ImmGetOpenStatus ImmNotifyIME 60823->60826 60824->60823 60825->60826 60827 40bcc1 60826->60827 60828 40bcc7 ImmNotifyIME 60826->60828 60827->60828 60829 40bce4 60828->60829 60830 40bce7 7 API calls 60828->60830 60829->60830 60831 40bd6a 60830->60831 60832 40bd6c ImmDestroyContext ImmDestroyContext ImmGetContext ImmSimulateHotKey ImmConfigureIMEA 60830->60832 60831->60832 60833 40bdc0 60832->60833 60834 40bdc7 6 API calls 60832->60834 60833->60834 60839 40be45 60834->60839 60835 40bf04 ImmSetConversionStatus 60836 40bf25 ImmSetOpenStatus ImmSetOpenStatus ImmSetConversionStatus ImmNotifyIME 60835->60836 60835->60839 60838 40bf6b ImmGetOpenStatus 60836->60838 60836->60839 60837 40c000 60837->60811 60838->60839 60840 40bf84 ImmNotifyIME ImmNotifyIME ImmInstallIMEA ImmGetProperty 60838->60840 60839->60835 60839->60836 60839->60837 60839->60838 60839->60840 60840->60839 61233 8b0864 61234 8b0867 EnumDateFormatsA 61233->61234 61235 8b0874 GetPEB 61234->61235 61236 8b0884 61235->61236 60888 ab08d7 60890 ab08da 60888->60890 60889 ab0904 60890->60889 60892 ab09f9 60890->60892 60895 ab0a04 EnumWindows 60890->60895 60896 ab0aaf EnumWindows 60892->60896 60894 ab0a8d 60895->60892 60896->60894

          Executed Functions

          Memory Dump Source
          • Source File: 00000000.00000002.1367975725.00000000008B0000.00000040.00000001.sdmp, Offset: 008B0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_8b0000_Locky.jbxd
          Similarity
          • API ID: DateEnumFormats
          • String ID:
          • API String ID: 2327613676-0
          • Opcode ID: 3532a5b9e889e1018fda24c33b75067d7e3bd4376ad68f0c0787b683f3d5af84
          • Instruction ID: adb869c2160281ced54276fcca4ba9d8a6ca6cafd03812bdb40b797294725b60
          • Opcode Fuzzy Hash: 3532a5b9e889e1018fda24c33b75067d7e3bd4376ad68f0c0787b683f3d5af84
          • Instruction Fuzzy Hash: A1012622A14648DDE70E2B788E33BFF3E55FB82304F14647DA087C9297CA3887059D86
          Uniqueness

          Uniqueness Score: -1.00%

          APIs
          • EnumDateFormatsA.KERNEL32(?,?), ref: 008B0867
          Memory Dump Source
          • Source File: 00000000.00000002.1367975725.00000000008B0000.00000040.00000001.sdmp, Offset: 008B0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_8b0000_Locky.jbxd
          Similarity
          • API ID: DateEnumFormats
          • String ID:
          • API String ID: 2327613676-0
          • Opcode ID: e93e465038acf3c6ed2a827d64366fbcda89879045cb9da6fa8331c80d0a5316
          • Instruction ID: dce1f4ea2467d9ae6448e12c136d65ae418c156aa55dbf65d4ebbe50b338ecd8
          • Opcode Fuzzy Hash: e93e465038acf3c6ed2a827d64366fbcda89879045cb9da6fa8331c80d0a5316
          • Instruction Fuzzy Hash: FC01D631B14608DDE74D7A7CCD62BBF7991FB84704F14553CA043C6196C63886049986
          Uniqueness

          Uniqueness Score: -1.00%

          APIs
          • EnumDateFormatsA.KERNEL32(?,?), ref: 008B0867
          Memory Dump Source
          • Source File: 00000000.00000002.1367975725.00000000008B0000.00000040.00000001.sdmp, Offset: 008B0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_8b0000_Locky.jbxd
          Similarity
          • API ID: DateEnumFormats
          • String ID:
          • API String ID: 2327613676-0
          • Opcode ID: abf4fcf26cd1640b95004d2248c4455b2e9f5e834406ed0ee821ab28bd41c7cf
          • Instruction ID: bb22295db97e22a6dd01f6977d6272477003efc5665863c396858482fc34cf94
          • Opcode Fuzzy Hash: abf4fcf26cd1640b95004d2248c4455b2e9f5e834406ed0ee821ab28bd41c7cf
          • Instruction Fuzzy Hash: 1DD022B3A40800E5DB05B355CA033EA37F0FB80388F2420314003C2092EB38C700DD40
          Uniqueness

          Uniqueness Score: -1.00%

          Memory Dump Source
          • Source File: 00000000.00000002.1367451189.00000000001C0000.00000040.00000001.sdmp, Offset: 001C0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1c0000_Locky.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 968d2d6857f00ebc0343ef84ef0da23b8bd5c1bc728534221a40960802dcafc7
          • Instruction ID: 358821f85d9b1b522a8f3c0b51264e0b5ebbbaa22c422e31829f69f8eaa2c409
          • Opcode Fuzzy Hash: 968d2d6857f00ebc0343ef84ef0da23b8bd5c1bc728534221a40960802dcafc7
          • Instruction Fuzzy Hash: 13D05E33D40A28CAD703BEA44B05F1476A4A3A8758F274564C80253042D764DA124686
          Uniqueness

          Uniqueness Score: -1.00%

          Memory Dump Source
          • Source File: 00000000.00000002.1367495852.00000000001F0000.00000040.00000001.sdmp, Offset: 001F0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1f0000_Locky.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 968d2d6857f00ebc0343ef84ef0da23b8bd5c1bc728534221a40960802dcafc7
          • Instruction ID: 95e3db027a3d2bfcc20eb7b95b9bfb98c5bb008ada1a871f8ea2e17a8e14e29e
          • Opcode Fuzzy Hash: 968d2d6857f00ebc0343ef84ef0da23b8bd5c1bc728534221a40960802dcafc7
          • Instruction Fuzzy Hash: 5FD0A733D40D1CCADB03BA644B0553477B4A3D8B68F274560CA05D3043D764DA1247C2
          Uniqueness

          Uniqueness Score: -1.00%

          Memory Dump Source
          • Source File: 00000000.00000002.1367467557.00000000001D0000.00000040.00000001.sdmp, Offset: 001D0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1d0000_Locky.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 968d2d6857f00ebc0343ef84ef0da23b8bd5c1bc728534221a40960802dcafc7
          • Instruction ID: 048ff195d80d6ba3289c4bcb7d09dd0169cc11826767fdd676034291513c92ee
          • Opcode Fuzzy Hash: 968d2d6857f00ebc0343ef84ef0da23b8bd5c1bc728534221a40960802dcafc7
          • Instruction Fuzzy Hash: 81D0A733D40D28CAD703BE645B0571877B4A3D8758F274561C80153242D764DA1257D2
          Uniqueness

          Uniqueness Score: -1.00%

          Memory Dump Source
          • Source File: 00000000.00000002.1368551562.0000000000A70000.00000040.00000001.sdmp, Offset: 00A70000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_a70000_Locky.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 968d2d6857f00ebc0343ef84ef0da23b8bd5c1bc728534221a40960802dcafc7
          • Instruction ID: 7d883ddc746d436b64fe3b865a9f3ba5aa4d33f2add1e8a6a651e49fc20d7676
          • Opcode Fuzzy Hash: 968d2d6857f00ebc0343ef84ef0da23b8bd5c1bc728534221a40960802dcafc7
          • Instruction Fuzzy Hash: 96D0A733E50D18CAD7027B644F25D1477B5A3D0758F26C560C80997042D6A4D91247C2
          Uniqueness

          Uniqueness Score: -1.00%

          Memory Dump Source
          • Source File: 00000000.00000002.1368598650.0000000000AB0000.00000040.00000001.sdmp, Offset: 00AB0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_ab0000_Locky.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 968d2d6857f00ebc0343ef84ef0da23b8bd5c1bc728534221a40960802dcafc7
          • Instruction ID: 539bff9141f5174942b55759cc6df5d52920b8da1a851d19d9af8cb7c42dd68a
          • Opcode Fuzzy Hash: 968d2d6857f00ebc0343ef84ef0da23b8bd5c1bc728534221a40960802dcafc7
          • Instruction Fuzzy Hash: 77D0A733D40E18CAD7027BA44B65E567BBCA3D0758F264560C80153043E6A4DA1257C2
          Uniqueness

          Uniqueness Score: -1.00%

          Memory Dump Source
          • Source File: 00000000.00000002.1368575368.0000000000A90000.00000040.00000001.sdmp, Offset: 00A90000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_a90000_Locky.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 968d2d6857f00ebc0343ef84ef0da23b8bd5c1bc728534221a40960802dcafc7
          • Instruction ID: 0026e7b94c4eaa882ef155e271e103fe52c3770dfc3ce3a31d13f3790b282f05
          • Opcode Fuzzy Hash: 968d2d6857f00ebc0343ef84ef0da23b8bd5c1bc728534221a40960802dcafc7
          • Instruction Fuzzy Hash: 46D0A733F40D18DEDF027F654B45D1477F4A3D07D8F264560C90197042D7A4D91247C2
          Uniqueness

          Uniqueness Score: -1.00%

          Memory Dump Source
          • Source File: 00000000.00000002.1367975725.00000000008B0000.00000040.00000001.sdmp, Offset: 008B0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_8b0000_Locky.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 968d2d6857f00ebc0343ef84ef0da23b8bd5c1bc728534221a40960802dcafc7
          • Instruction ID: 3944b0607245af12d6728ec1573ac782fed763cdfdc631e3fcc4b3ec61d911a1
          • Opcode Fuzzy Hash: 968d2d6857f00ebc0343ef84ef0da23b8bd5c1bc728534221a40960802dcafc7
          • Instruction Fuzzy Hash: 8AD0A733D40F1CCAD7027AA84B5565677A4F3E175CF364560C801D3253E664DA125FC2
          Uniqueness

          Uniqueness Score: -1.00%

          Memory Dump Source
          • Source File: 00000000.00000002.1368563716.0000000000A80000.00000040.00000001.sdmp, Offset: 00A80000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_a80000_Locky.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 968d2d6857f00ebc0343ef84ef0da23b8bd5c1bc728534221a40960802dcafc7
          • Instruction ID: 3f26899c990d54f465711da707934a1367eb2e8263990095e514272f82baac8c
          • Opcode Fuzzy Hash: 968d2d6857f00ebc0343ef84ef0da23b8bd5c1bc728534221a40960802dcafc7
          • Instruction Fuzzy Hash: 22D0A733D40D18CAE7427B644B05D1477B4A3D0758F264570C80163042E6A4D92A47C2
          Uniqueness

          Uniqueness Score: -1.00%

          Memory Dump Source
          • Source File: 00000000.00000002.1368588718.0000000000AA0000.00000040.00000001.sdmp, Offset: 00AA0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_aa0000_Locky.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 968d2d6857f00ebc0343ef84ef0da23b8bd5c1bc728534221a40960802dcafc7
          • Instruction ID: 81901d86a751cd59c4cf894cd7146f939dcf939369ee925d3cfc3e9bc9de7121
          • Opcode Fuzzy Hash: 968d2d6857f00ebc0343ef84ef0da23b8bd5c1bc728534221a40960802dcafc7
          • Instruction Fuzzy Hash: D7D0A733D40D18CBD7027F644B05E2477B4A3D175CF268560C802530C2D7A4D91247C2
          Uniqueness

          Uniqueness Score: -1.00%

          Memory Dump Source
          • Source File: 00000000.00000002.1367482440.00000000001E0000.00000040.00000001.sdmp, Offset: 001E0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1e0000_Locky.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 968d2d6857f00ebc0343ef84ef0da23b8bd5c1bc728534221a40960802dcafc7
          • Instruction ID: 76ab69b466250871feb61b73be209c88fe49369dc1ae8186286f44b9972dfd8d
          • Opcode Fuzzy Hash: 968d2d6857f00ebc0343ef84ef0da23b8bd5c1bc728534221a40960802dcafc7
          • Instruction Fuzzy Hash: 81D0A733D40D98CADB13BAA64B05B1C77B5A3DC758F274560C80553042D7E4DA9247D2
          Uniqueness

          Uniqueness Score: -1.00%

          Control-flow Graph

          • Executed
          • Not Executed
          control_flow_graph 0 40bae0-40bb2b 1 40bb47-40bb6c 0->1 2 40bb2d-40bb42 0->2 3 40bbab-40bbc3 1->3 4 40bb6e-40bb70 1->4 2->1 5 40bbc5 3->5 6 40bbcc-40bbd4 3->6 7 40bb7a-40bb86 4->7 5->6 10 40bbd6-40bbda 6->10 11 40bbdc-40bbee 6->11 8 40bb88-40bb8a 7->8 9 40bb8c-40bb9b 7->9 8->9 12 40bba6-40bba9 9->12 13 40bb9d-40bba4 9->13 10->11 14 40bbf0-40bbf3 11->14 15 40bbf5-40bc07 ImmSetConversionStatus 11->15 12->3 12->7 13->12 14->15 16 40bc12-40bc20 15->16 17 40bc09-40bc10 15->17 18 40bc22 16->18 19 40bc29-40bc3b ImmSetConversionStatus 16->19 17->16 18->19 20 40bc40-40bc44 19->20 21 40bc3d 19->21 22 40bc46-40bc4a 20->22 23 40bc4d-40bc5d ImmSetOpenStatus 20->23 21->20 22->23 24 40bc63-40bc8f ImmSetOpenStatus ImmSetConversionStatus ImmCreateContext 23->24 25 40bc5f-40bc61 23->25 26 40bc91-40bc95 24->26 27 40bc97-40bcbf ImmGetOpenStatus ImmNotifyIME 24->27 25->24 26->27 28 40bcc1 27->28 29 40bcc7-40bce2 ImmNotifyIME 27->29 28->29 30 40bce4 29->30 31 40bce7-40bd68 ImmGetOpenStatus ImmGetProperty RasGetProjectionInfoA ImmGetProperty * 2 RasDialA ImmGetContext 29->31 30->31 32 40bd6a 31->32 33 40bd6c-40bdbe ImmDestroyContext * 2 ImmGetContext ImmSimulateHotKey ImmConfigureIMEA 31->33 32->33 34 40bdc0 33->34 35 40bdc7-40be43 ImmSimulateHotKey * 2 ImmAssociateContext ImmGetCompositionStringA ImmGetCandidateListCountA * 2 33->35 34->35 36 40be45-40be49 35->36 37 40be4c-40be53 35->37 36->37 38 40be55-40be58 37->38 39 40be5a-40be62 37->39 38->39 40 40be64-40be67 39->40 41 40be69-40be70 39->41 40->41 42 40be72 41->42 43 40be75-40be97 41->43 42->43 44 40be99 43->44 45 40be9e-40bec4 43->45 44->45 46 40bec6 45->46 47 40bec9-40bed8 45->47 46->47 48 40c000-40c00e 47->48 49 40bede-40bee6 47->49 50 40c010 48->50 51 40c039-40c047 48->51 52 40bee8 49->52 53 40beec-40befc 49->53 56 40c01a-40c01e 50->56 54 40c049 51->54 55 40c04b-40c09e call 401e90 51->55 52->53 57 40bf04-40bf1e ImmSetConversionStatus 53->57 58 40befe-40bf02 53->58 54->55 62 40c020 56->62 63 40c027-40c037 56->63 59 40bf20-40bf23 57->59 60 40bf25-40bf63 ImmSetOpenStatus * 2 ImmSetConversionStatus ImmNotifyIME 57->60 58->57 59->60 64 40bf65-40bf69 60->64 65 40bf6b-40bf7e ImmGetOpenStatus 60->65 62->63 63->51 63->56 64->65 67 40bf80-40bf82 65->67 68 40bf84-40bfd0 ImmNotifyIME * 2 ImmInstallIMEA ImmGetProperty 65->68 67->68 69 40bfd2 68->69 70 40bfd8-40bfed 68->70 69->70 71 40bff3-40bffa 70->71 72 40bfef 70->72 71->48 71->49 72->71
          C-Code - Quality: 60%
          			E0040BAE0() {
          				char _v8;
          				char _v24;
          				char _v1076;
          				intOrPtr _t122;
          				intOrPtr _t123;
          				signed int _t124;
          				void* _t139;
          				void* _t143;
          				signed int _t144;
          				signed int _t145;
          				intOrPtr _t148;
          				intOrPtr _t149;
          				void* _t159;
          				intOrPtr _t161;
          				intOrPtr _t166;
          				intOrPtr _t168;
          				void* _t169;
          				signed int _t170;
          				void* _t171;
          				void* _t173;
          				void* _t175;
          				void* _t176;
          				void* _t178;
          				void* _t180;
          				signed int _t182;
          				intOrPtr _t188;
          				intOrPtr _t190;
          				intOrPtr _t192;
          				signed int _t193;
          				signed int _t205;
          				signed int _t206;
          				intOrPtr _t209;
          				intOrPtr _t216;
          				signed int _t227;
          				intOrPtr _t228;
          				intOrPtr _t229;
          				intOrPtr _t276;
          				void* _t278;
          				void* _t279;
          				signed int _t281;
          				void* _t282;
          				signed int _t283;
          				void* _t286;
          				void* _t287;
          				signed int _t288;
          				void* _t289;
          				signed int _t290;
          				signed int _t292;
          				intOrPtr _t293;
          				intOrPtr _t294;
          				void* _t295;
          				void* _t296;
          				signed int _t297;
          				void* _t298;
          				signed int _t299;
          				void* _t300;
          				signed int _t301;
          				signed int _t303;
          				signed int _t305;
          				signed int _t308;
          				void* _t315;
          				intOrPtr _t317;
          				void* _t323;
          
          				_t122 =  *0x412700; // 0x9a1e9711
          				_t229 =  *0x4126cc; // 0xfbfeef88
          				_t168 =  *0x4126e4; // 0xb0c4bca8
          				_t294 =  *0x4126ec; // 0xaff47ac7
          				_t123 = _t122 + 0xfffffcdd - _t168;
          				_t188 =  *0x4126dc; // 0x2adf06fc
          				 *0x412700 = _t123;
          				 *0x4126dc = _t188 + _t229 - _t294;
          				_t190 =  *0x4126e8; // 0xbd4a83b5
          				if(_t190 + _t123 != 0) {
          					_t276 =  *0x4126d4; // 0x791ef22a
          					_t228 =  *0x4126f0; // 0x7a4772e1
          					_t166 =  *0x4126e0; // 0xfbfeef88
          					 *0x4126e0 = _t166 + _t276 - _t228;
          				}
          				_push(E00401E90);
          				_push( *[fs:0x0]);
          				 *[fs:0x0] = _t317;
          				_t192 =  *0x412780; // 0x0
          				_t295 = 0xfffe833c;
          				_t124 = 0xfff6881e;
          				if(_t192 != 0) {
          					_t293 = _t192;
          					 *0x412780 = 0;
          					do {
          						_t1 = _t124 + 0x12f; // 0xfff6894d
          						_t227 =  ~_t124;
          						if(_t1 != 0) {
          							_t124 = _t124 + _t295 - _t227;
          						}
          						_t315 = _t124 + _t124;
          						_t323 = _t124 + _t227;
          						_t124 = _t315 - _t124;
          						if(_t323 != 0) {
          							_t124 = _t124 + 0xfffffc8a - _t227;
          						}
          						_t295 = _t315 - _t124;
          						_t293 = _t293 - 1;
          					} while (_t293 != 0);
          				}
          				_t4 = _t124 + 0x2bd; // 0xfffe85f9
          				_t193 = _t295 + _t4;
          				_t296 = _t295 + 0xfffffdb0 - _t124;
          				_t5 = _t296 - 0x2e2; // 0xfffe805a
          				if(_t5 != 0) {
          					_t193 = _t193 + _t124 - 0x11e;
          				}
          				_t8 = _t193 - 0x1f3; // 0xfffe8406
          				if(_t8 != 0) {
          					_t193 = _t193 + _t296 - _t124;
          				}
          				_t278 = _t124 + _t193 * 2;
          				_t169 = _t278;
          				_t279 = _t278 - 0x387;
          				if(0xfffffc00 != _t279) {
          					_t296 = _t296 + _t279 + _t169;
          				}
          				_push(0x3f);
          				_push(0x60e);
          				_push(0x2a);
          				L0040C2BA();
          				if(_t296 != _t279) {
          					_t296 = _t296 + 0x9b - _t169;
          				}
          				_t170 = _t169 - 0x51;
          				_t297 = _t296 - 0x615;
          				if(_t297 + _t170 != 0) {
          					_t297 = _t297 + _t297 + 0xab;
          				}
          				_push(0x2c);
          				_push(0x60e);
          				_push(0x23);
          				L0040C2BA();
          				if(_t297 != _t170) {
          					_t170 = _t279 + _t170 * 2;
          				}
          				if(_t170 != _t297) {
          					_t170 = _t170 +  ~_t297 * 2;
          				}
          				_push(1);
          				_push(0x37);
          				L0040C2B4();
          				if(0x338 != _t279) {
          					_t279 = _t279 + _t170 - _t297;
          				}
          				_push(1);
          				_push(0x37);
          				L0040C2B4();
          				_push(0x36);
          				_push(0x60e);
          				_push(0x34);
          				_t171 = _t279 + _t279 - 0xa6;
          				L0040C2BA();
          				_t281 =  ~_t297;
          				L0040C2AE();
          				if(_t297 + _t171 != 0) {
          					_t281 = _t281 + _t171 - _t297;
          				}
          				_push(0x33);
          				L0040C2A8();
          				_push(0x40);
          				_push(0x3d);
          				_push(0x3e);
          				_push(0x20);
          				_t298 = _t297 + 0x5a7;
          				L0040C2A2();
          				_t282 = _t281 + 0xffffffd0 - _t298;
          				if(_t298 + _t282 != 0) {
          					_t282 = _t282 - 0x46b;
          				}
          				_push(0x32);
          				_push(0x37);
          				_push(0x2a);
          				_push(0x2e);
          				L0040C2A2();
          				_t299 = _t298 + _t298 + 0x1c6;
          				if(0x245 != _t299) {
          					_t299 = _t171 + _t299 * 2;
          				}
          				_push(0x29);
          				L0040C2A8();
          				_push(0x2d);
          				_push(0x27);
          				L0040C29C();
          				_v8 = 0x3d;
          				_push( &_v8);
          				_push(0);
          				_push(0x28);
          				_push(0xffffffff); // executed
          				L0040C2C6(); // executed
          				_push(0x27);
          				_push(0x20);
          				_t283 = _t282 + _t282 - 0x723;
          				L0040C29C();
          				_push(0x23);
          				_push(0x31);
          				L0040C29C();
          				_push( &_v8);
          				_push(0);
          				_push(0x2a);
          				_push( &_v1076);
          				_push(0x49);
          				_push( &_v24);
          				_v8 = 0x27;
          				L0040C2C0(); // executed
          				_t300 = _t171 + 0x33 - _t299 + _t283 * 2;
          				_push(0x38);
          				_t173 = _t283 + _t300 + 0x3d4;
          				L0040C296();
          				if(0x1c9 != _t173) {
          					_t173 = _t300;
          				}
          				_push(0x2e);
          				L0040C290();
          				_push(0x32);
          				_t301 = _t300 + 0x61c;
          				L0040C290();
          				_push(0x31);
          				L0040C296();
          				_push(0x5aa);
          				_push(0x22);
          				L0040C28A();
          				_push(0);
          				_push(0x2f);
          				_t303 =  ~(_t301 * 4 - _t301) - _t173 + _t173;
          				_push(0x37);
          				_push(0x2e);
          				_t286 =  ~_t301 + _t303 * 2;
          				L0040C284();
          				if(_t286 + _t303 != 0) {
          					_t286 = _t286 + _t286 - 0x119;
          				}
          				_push(0x5aa);
          				_push(0x3d);
          				L0040C28A();
          				_push(0x5aa);
          				_push(0x2a);
          				_t46 = _t303 + 0xab; // 0xab
          				L0040C28A();
          				_push(0x4be);
          				_push(0x2d);
          				L0040C27E();
          				_push(0x730);
          				_push(0);
          				_push(0x3a);
          				_push(0x40);
          				L0040C278();
          				_v8 = 0x2e;
          				_push( &_v8);
          				_push(0x3c);
          				L0040C272();
          				_push( &_v8);
          				_push(0x27);
          				_t287 = _t286 + 0x4b5;
          				_t305 = 0x104 - _t46;
          				_v8 = 0x3e;
          				L0040C272();
          				_t139 = _t287 - 0xffffffffffffffcb;
          				if(_t139 != 0x160) {
          					_t287 = _t287 + 0x175b75a;
          				}
          				if(0x39e != _t305) {
          					_t139 = _t139 - _t287 + _t305;
          				}
          				if(_t287 + 0xd9 != 0) {
          					_t287 = _t287 - _t139 + _t305;
          				}
          				if(_t139 + 0x1e2 != 0) {
          					_t305 = _t287 + _t305 * 2;
          				}
          				_t60 = _t305 - 0x39c; // -2502
          				_t205 = _t305 - 0x733 + _t60;
          				_t143 = 0x505 - _t205 + _t205;
          				_t63 = _t205 * 2; // 0x16e
          				if(0x505 + _t63 - 0x397 != 0) {
          					_t205 = 0x209;
          				}
          				_t144 = _t143 + _t205 + 0x19b;
          				_t206 = _t205 +  ~_t144 * 2;
          				_t145 = _t144 + 0x1f1 - _t206;
          				_t308 =  ~_t145;
          				_t288 = _t145 + _t206 * 2 + (_t145 + _t206 * 2) * 2;
          				if(_t288 + _t308 != 0) {
          					_t308 = _t145 + _t308 * 2;
          				}
          				_t175 = _t145 - _t288 - _t308 + _t145 - _t288 - _t308 - 0x53;
          				_t148 =  *0x412784; // 0x0
          				if(_t148 != 0) {
          					do {
          						if(_t308 + 0x2df != 0) {
          							_t175 = _t175 + _t308 + 0x11;
          						}
          						_t292 = _t288 + _t288 - 0x2b2 - _t308;
          						if(0x24c != _t292) {
          							_t308 = _t308 + _t175 - _t292;
          						}
          						_push(0x3e);
          						_push(0x60e);
          						_push(0x33);
          						L0040C2BA();
          						_t178 = _t175 + _t175 + 0x24e;
          						if(_t292 != 0x6b) {
          							_t292 = _t292 + _t178 + _t308;
          						}
          						_push(1);
          						_push(0x2a);
          						L0040C2B4();
          						_push(1);
          						_push(0x21);
          						L0040C2B4();
          						_push(0x21);
          						_push(0x60e);
          						_push(0x22);
          						_t308 = _t292 + _t292 - _t178;
          						L0040C2BA();
          						_push(0x32);
          						_push(0x20);
          						_push(0x31);
          						_push(0x29);
          						L0040C2A2();
          						_t180 = 0x529 - _t308;
          						if(0x529 + _t308 != 0) {
          							_t180 = _t180 + _t308 - _t292;
          						}
          						_push(0x30);
          						L0040C2A8();
          						_t91 = _t292 + 0x384; // 0x8ad
          						_t159 = _t180 + _t91;
          						if(_t292 + 0x2e != 0) {
          							_t292 = _t292 - _t159 + _t308;
          						}
          						_push(0x2a);
          						_push(0x20);
          						_push(0x2e);
          						_push(0x3b);
          						L0040C2A2();
          						_push(0x38);
          						_push(0x3f);
          						_push(0x28);
          						_push(0x36);
          						_t182 =  ~_t292;
          						L0040C2A2();
          						_push("a6d6L578s522BH7O2");
          						_push("g27kkY9019n7t01");
          						_t288 = _t292 + _t182 + 0x15a;
          						L0040C26C(); // executed
          						_push(0x2f);
          						_push(0x2b);
          						_t175 = _t182 + _t288 + _t308 + 0x27f;
          						L0040C29C();
          						if(_t288 + _t308 != 0) {
          							_t175 = _t175 - 0x17a;
          						}
          						_t216 =  *0x412784; // 0x0
          						 *0x412784 = _t216 - 1;
          						if(_t175 != 0x1be) {
          							_t308 = _t308 + _t308 - 0x14;
          						}
          						_t161 =  *0x412784; // 0x0
          					} while (_t161 != 0);
          				}
          				_t149 =  *0x412788; // 0x0
          				_t289 = _t175 + 0x7ca + _t288 * 4;
          				if(_t149 != 0) {
          					 *0x412788 = 0;
          					do {
          						if(_t175 != _t289) {
          							_t175 = _t175 + _t308 - 0x2f5;
          						}
          						_t175 = _t175 - 0xbc;
          						_t289 = _t289 + 0x204 - _t308;
          						_t149 = _t149 - 1;
          					} while (_t149 != 0);
          				}
          				_t176 = _t175 + 0xfffffe42 - _t308;
          				if(_t289 != 0x3a) {
          					_t176 = _t289;
          				}
          				_t209 = _t176 + _t176;
          				_v8 = _t209;
          				_t110 = _t176 - 0x2dd; // 0xfffff961
          				_t290 =  ~0xfffffc3e + _t110;
          				E00401E90();
          				_t113 = _t290 + 0xfc; // 0xfffffa5d
          				_t115 = 0xfffffc3e - _t176 + _t209 + _t176 - _t290 + _t113 - 0x1ed; // -431
          				_t117 = _t290 - 0x2a8; // 0xfffff6b9
          				_v8 = _v8 + _t115 +  ~_t290 * 2;
          				_v8 = _t290 + _t117;
          				return 0x237;
          			}


































































          0x0040bae9
          0x0040baee
          0x0040baf5
          0x0040bb01
          0x0040bb09
          0x0040bb0b
          0x0040bb16
          0x0040bb1b
          0x0040bb21
          0x0040bb2b
          0x0040bb2d
          0x0040bb33
          0x0040bb39
          0x0040bb42
          0x0040bb42
          0x0040bb47
          0x0040bb4c
          0x0040bb53
          0x0040bb5a
          0x0040bb60
          0x0040bb67
          0x0040bb6c
          0x0040bb6e
          0x0040bb70
          0x0040bb7a
          0x0040bb7c
          0x0040bb82
          0x0040bb86
          0x0040bb8a
          0x0040bb8a
          0x0040bb8c
          0x0040bb97
          0x0040bb99
          0x0040bb9b
          0x0040bba4
          0x0040bba4
          0x0040bba6
          0x0040bba8
          0x0040bba8
          0x0040bb7a
          0x0040bbb0
          0x0040bbb0
          0x0040bbb9
          0x0040bbbb
          0x0040bbc3
          0x0040bbc5
          0x0040bbc5
          0x0040bbcc
          0x0040bbd4
          0x0040bbda
          0x0040bbda
          0x0040bbdc
          0x0040bbe4
          0x0040bbe6
          0x0040bbee
          0x0040bbf3
          0x0040bbf3
          0x0040bbf5
          0x0040bbf7
          0x0040bbfc
          0x0040bbfe
          0x0040bc07
          0x0040bc10
          0x0040bc10
          0x0040bc12
          0x0040bc15
          0x0040bc20
          0x0040bc22
          0x0040bc22
          0x0040bc29
          0x0040bc2b
          0x0040bc30
          0x0040bc32
          0x0040bc3b
          0x0040bc3d
          0x0040bc3d
          0x0040bc44
          0x0040bc4a
          0x0040bc4a
          0x0040bc4d
          0x0040bc4f
          0x0040bc51
          0x0040bc5d
          0x0040bc61
          0x0040bc61
          0x0040bc63
          0x0040bc65
          0x0040bc67
          0x0040bc6c
          0x0040bc6e
          0x0040bc73
          0x0040bc75
          0x0040bc7c
          0x0040bc83
          0x0040bc85
          0x0040bc8f
          0x0040bc95
          0x0040bc95
          0x0040bc97
          0x0040bc99
          0x0040bc9e
          0x0040bca0
          0x0040bca2
          0x0040bca4
          0x0040bca6
          0x0040bcac
          0x0040bcb8
          0x0040bcbf
          0x0040bcc1
          0x0040bcc1
          0x0040bcc7
          0x0040bcc9
          0x0040bccb
          0x0040bccd
          0x0040bccf
          0x0040bcd4
          0x0040bce2
          0x0040bce4
          0x0040bce4
          0x0040bce7
          0x0040bce9
          0x0040bcf3
          0x0040bcf7
          0x0040bcfb
          0x0040bd03
          0x0040bd0a
          0x0040bd0b
          0x0040bd0d
          0x0040bd0f
          0x0040bd11
          0x0040bd16
          0x0040bd18
          0x0040bd1a
          0x0040bd21
          0x0040bd26
          0x0040bd28
          0x0040bd2a
          0x0040bd38
          0x0040bd39
          0x0040bd3b
          0x0040bd3d
          0x0040bd41
          0x0040bd43
          0x0040bd44
          0x0040bd4b
          0x0040bd50
          0x0040bd53
          0x0040bd55
          0x0040bd5c
          0x0040bd68
          0x0040bd6a
          0x0040bd6a
          0x0040bd6c
          0x0040bd6e
          0x0040bd73
          0x0040bd75
          0x0040bd7b
          0x0040bd82
          0x0040bd86
          0x0040bd8b
          0x0040bd90
          0x0040bd92
          0x0040bda3
          0x0040bda9
          0x0040bdab
          0x0040bdad
          0x0040bdaf
          0x0040bdb1
          0x0040bdb4
          0x0040bdbe
          0x0040bdc0
          0x0040bdc0
          0x0040bdc7
          0x0040bdcc
          0x0040bdce
          0x0040bdd3
          0x0040bdd8
          0x0040bdda
          0x0040bde0
          0x0040bde5
          0x0040bdea
          0x0040bdec
          0x0040bdf1
          0x0040bdf6
          0x0040bdf8
          0x0040bdfa
          0x0040bdfc
          0x0040be04
          0x0040be0b
          0x0040be0c
          0x0040be0e
          0x0040be1b
          0x0040be1c
          0x0040be1e
          0x0040be24
          0x0040be26
          0x0040be2d
          0x0040be36
          0x0040be43
          0x0040be49
          0x0040be49
          0x0040be53
          0x0040be58
          0x0040be58
          0x0040be62
          0x0040be67
          0x0040be67
          0x0040be70
          0x0040be72
          0x0040be72
          0x0040be7b
          0x0040be7b
          0x0040be8c
          0x0040be8e
          0x0040be97
          0x0040be99
          0x0040be99
          0x0040be9e
          0x0040bea9
          0x0040beb3
          0x0040beba
          0x0040bebc
          0x0040bec4
          0x0040bec6
          0x0040bec6
          0x0040becd
          0x0040bed1
          0x0040bed8
          0x0040bede
          0x0040bee6
          0x0040bee8
          0x0040bee8
          0x0040bef8
          0x0040befc
          0x0040bf02
          0x0040bf02
          0x0040bf04
          0x0040bf06
          0x0040bf0b
          0x0040bf0d
          0x0040bf15
          0x0040bf1e
          0x0040bf23
          0x0040bf23
          0x0040bf25
          0x0040bf27
          0x0040bf29
          0x0040bf2e
          0x0040bf30
          0x0040bf32
          0x0040bf37
          0x0040bf3c
          0x0040bf41
          0x0040bf43
          0x0040bf45
          0x0040bf4a
          0x0040bf4c
          0x0040bf4e
          0x0040bf50
          0x0040bf52
          0x0040bf5c
          0x0040bf63
          0x0040bf69
          0x0040bf69
          0x0040bf6b
          0x0040bf6d
          0x0040bf75
          0x0040bf75
          0x0040bf7e
          0x0040bf82
          0x0040bf82
          0x0040bf84
          0x0040bf86
          0x0040bf88
          0x0040bf8a
          0x0040bf8c
          0x0040bf91
          0x0040bf93
          0x0040bf97
          0x0040bf99
          0x0040bf9b
          0x0040bf9d
          0x0040bfa2
          0x0040bfa7
          0x0040bfac
          0x0040bfb3
          0x0040bfbb
          0x0040bfbd
          0x0040bfbf
          0x0040bfc6
          0x0040bfd0
          0x0040bfd2
          0x0040bfd2
          0x0040bfd8
          0x0040bfdf
          0x0040bfed
          0x0040bfef
          0x0040bfef
          0x0040bff3
          0x0040bff8
          0x0040bede
          0x0040c000
          0x0040c005
          0x0040c00e
          0x0040c010
          0x0040c01a
          0x0040c01e
          0x0040c020
          0x0040c020
          0x0040c02c
          0x0040c034
          0x0040c036
          0x0040c036
          0x0040c01a
          0x0040c043
          0x0040c047
          0x0040c049
          0x0040c049
          0x0040c050
          0x0040c055
          0x0040c05e
          0x0040c05e
          0x0040c065
          0x0040c06d
          0x0040c07c
          0x0040c083
          0x0040c08f
          0x0040c092
          0x0040c09e

          APIs
          • ImmSetConversionStatus.IMM32(0000002A,0000060E,0000003F,00401E90,?,791EF22A), ref: 0040BBFE
          • ImmSetConversionStatus.IMM32(00000023,0000060E,0000002C,0000002A,0000060E,0000003F,00401E90,?,791EF22A), ref: 0040BC32
          • ImmSetOpenStatus.IMM32(00000037,00000001,00000023,0000060E,0000002C,0000002A,0000060E,0000003F,00401E90,?,791EF22A), ref: 0040BC51
          • ImmSetOpenStatus.IMM32(00000037,00000001,00000037,00000001,00000023,0000060E,0000002C,0000002A,0000060E,0000003F,00401E90,?,791EF22A), ref: 0040BC67
          • ImmSetConversionStatus.IMM32(00000034,0000060E,00000036,00000037,00000001,00000037,00000001,00000023,0000060E,0000002C,0000002A,0000060E,0000003F,00401E90,?,791EF22A), ref: 0040BC7C
          • ImmCreateContext.IMM32(00000034,0000060E,00000036,00000037,00000001,00000037,00000001,00000023,0000060E,0000002C,0000002A,0000060E,0000003F,00401E90,?,791EF22A), ref: 0040BC85
          • ImmGetOpenStatus.IMM32(00000033,00000034,0000060E,00000036,00000037,00000001,00000037,00000001,00000023,0000060E,0000002C,0000002A,0000060E,0000003F,00401E90), ref: 0040BC99
          • ImmNotifyIME.IMM32(00000020,0000003E,0000003D,00000040,00000033,00000034,0000060E,00000036,00000037,00000001,00000037,00000001,00000023,0000060E,0000002C,0000002A), ref: 0040BCAC
          • ImmNotifyIME.IMM32(0000002E,0000002A,00000037,00000032,00000020,0000003E,0000003D,00000040,00000033,00000034,0000060E,00000036,00000037,00000001,00000037,00000001), ref: 0040BCCF
          • ImmGetOpenStatus.IMM32(00000029,0000002E,0000002A,00000037,00000032,00000020,0000003E,0000003D,00000040,00000033,00000034,0000060E,00000036,00000037,00000001,00000037), ref: 0040BCE9
          • ImmGetProperty.IMM32(00000027,0000002D,00000029,0000002E,0000002A,00000037,00000032,00000020,0000003E,0000003D,00000040,00000033,00000034,0000060E,00000036,00000037), ref: 0040BCFB
          • RasGetProjectionInfoA.RASAPI32(000000FF,00000028,00000000,?), ref: 0040BD11
          • ImmGetProperty.IMM32(00000020,00000027,00000027,0000002D,00000029,0000002E,0000002A,00000037,00000032,00000020,0000003E,0000003D,00000040,00000033,00000034,0000060E), ref: 0040BD21
          • ImmGetProperty.IMM32(00000031,00000023,00000020,00000027,00000027,0000002D,00000029,0000002E,0000002A,00000037,00000032,00000020,0000003E,0000003D,00000040,00000033), ref: 0040BD2A
          • RasDialA.RASAPI32(?,00000049,?,0000002A,00000000,0000003D), ref: 0040BD4B
          • ImmGetContext.IMM32(00000038,00000031,00000023,00000020,00000027,00000027,0000002D,00000029,0000002E,0000002A,00000037,00000032,00000020,0000003E,0000003D,00000040), ref: 0040BD5C
          • ImmDestroyContext.IMM32(0000002E,00000038,00000031,00000023,00000020,00000027,00000027,0000002D,00000029,0000002E,0000002A,00000037,00000032,00000020,0000003E,0000003D), ref: 0040BD6E
          • ImmDestroyContext.IMM32(00000032,0000002E,00000038,00000031,00000023,00000020,00000027,00000027,0000002D,00000029,0000002E,0000002A,00000037,00000032,00000020,0000003E), ref: 0040BD7B
          • ImmGetContext.IMM32(00000031,00000032,0000002E,00000038,00000031,00000023,00000020,00000027,00000027,0000002D,00000029,0000002E,0000002A,00000037,00000032,00000020), ref: 0040BD86
          • ImmSimulateHotKey.IMM32(00000022,000005AA,00000031,00000032,0000002E,00000038,00000031,00000023,00000020,00000027,00000027,0000002D,00000029,0000002E,0000002A,00000037), ref: 0040BD92
          • ImmConfigureIMEA.IMM32(0000002E,00000037,0000002F,00000000,00000022,000005AA,00000031,00000032,0000002E,00000038,00000031,00000023,00000020,00000027,00000027,0000002D), ref: 0040BDB4
          • ImmSimulateHotKey.IMM32(0000003D,000005AA,0000002E,00000037,0000002F,00000000,00000022,000005AA,00000031,00000032,0000002E,00000038,00000031,00000023,00000020,00000027), ref: 0040BDCE
          • ImmSimulateHotKey.IMM32(0000002A,000005AA,0000003D,000005AA,0000002E,00000037,0000002F,00000000,00000022,000005AA,00000031,00000032,0000002E,00000038,00000031,00000023), ref: 0040BDE0
          • ImmAssociateContext.IMM32(0000002D,000004BE,0000002A,000005AA,0000003D,000005AA,0000002E,00000037,0000002F,00000000,00000022,000005AA,00000031,00000032,0000002E,00000038), ref: 0040BDEC
          • ImmGetCompositionStringA.IMM32(00000040,0000003A,00000000,00000730,0000002D,000004BE,0000002A,000005AA,0000003D,000005AA,0000002E,00000037,0000002F,00000000,00000022,000005AA), ref: 0040BDFC
          • ImmGetCandidateListCountA.IMM32(0000003C,00000027,00000040,0000003A,00000000,00000730,0000002D,000004BE,0000002A,000005AA,0000003D,000005AA,0000002E,00000037,0000002F,00000000), ref: 0040BE0E
          • ImmGetCandidateListCountA.IMM32(00000027,0000002E,0000003C,00000027,00000040,0000003A,00000000,00000730,0000002D,000004BE,0000002A,000005AA,0000003D,000005AA,0000002E,00000037), ref: 0040BE2D
          • ImmSetConversionStatus.IMM32(00000033,0000060E,0000003E,00000027,0000002E,0000003C,00000027,00000040,0000003A,00000000,00000730,0000002D,000004BE,0000002A,000005AA,0000003D), ref: 0040BF0D
          • ImmSetOpenStatus.IMM32(0000002A,00000001,00000033,0000060E,0000003E,00000027,0000002E,0000003C,00000027,00000040,0000003A,00000000,00000730,0000002D,000004BE,0000002A), ref: 0040BF29
          • ImmSetOpenStatus.IMM32(00000021,00000001,0000002A,00000001,00000033,0000060E,0000003E,00000027,0000002E,0000003C,00000027,00000040,0000003A,00000000,00000730,0000002D), ref: 0040BF32
          • ImmSetConversionStatus.IMM32(00000022,0000060E,00000021,00000021,00000001,0000002A,00000001,00000033,0000060E,0000003E,00000027,0000002E,0000003C,00000027,00000040,0000003A), ref: 0040BF45
          • ImmNotifyIME.IMM32(00000029,00000031,00000020,00000032,00000022,0000060E,00000021,00000021,00000001,0000002A,00000001,00000033,0000060E,0000003E,00000027,0000002E), ref: 0040BF52
          • ImmGetOpenStatus.IMM32(00000030,00000029,00000031,00000020,00000032,00000022,0000060E,00000021,00000021,00000001,0000002A,00000001,00000033,0000060E,0000003E,00000027), ref: 0040BF6D
          • ImmNotifyIME.IMM32(0000003B,0000002E,00000020,0000002A,00000030,00000029,00000031,00000020,00000032,00000022,0000060E,00000021,00000021,00000001,0000002A,00000001), ref: 0040BF8C
          • ImmNotifyIME.IMM32(00000036,00000028,0000003F,00000038,0000003B,0000002E,00000020,0000002A,00000030,00000029,00000031,00000020,00000032,00000022,0000060E,00000021), ref: 0040BF9D
          • ImmInstallIMEA.IMM32(g27kkY9019n7t01,a6d6L578s522BH7O2,00000036,00000028,0000003F,00000038,0000003B,0000002E,00000020,0000002A,00000030,00000029,00000031,00000020,00000032,00000022), ref: 0040BFB3
          • ImmGetProperty.IMM32(0000002B,0000002F,g27kkY9019n7t01,a6d6L578s522BH7O2,00000036,00000028,0000003F,00000038,0000003B,0000002E,00000020,0000002A,00000030,00000029,00000031,00000020), ref: 0040BFC6
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.1367532901.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
          • Associated: 00000000.00000002.1367522323.0000000000400000.00000002.00020000.sdmp Download File
          • Associated: 00000000.00000002.1367562599.000000000040D000.00000002.00020000.sdmp Download File
          • Associated: 00000000.00000002.1367573342.000000000040F000.00000008.00020000.sdmp Download File
          • Associated: 00000000.00000002.1367587458.0000000000412000.00000004.00020000.sdmp Download File
          • Associated: 00000000.00000002.1367607245.00000000007B6000.00000004.00020000.sdmp Download File
          • Associated: 00000000.00000002.1367619264.00000000007B7000.00000002.00020000.sdmp Download File
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_400000_Locky.jbxd
          Similarity
          • API ID: Status$Open$Context$ConversionNotify$Property$Simulate$CandidateCountDestroyList$AssociateCompositionConfigureCreateDialInfoInstallProjectionString
          • String ID: >$a6d6L578s522BH7O2$g27kkY9019n7t01
          • API String ID: 2397665973-1492071236
          • Opcode ID: 86d184e8affcab50848e240b9b90a2e0c4eae58cb089da40de245ae9e0dfde7f
          • Instruction ID: 370ff20bac0c4d56fdb9e1b9a61717478b1f7903f379512cafc8d419ed33044d
          • Opcode Fuzzy Hash: 86d184e8affcab50848e240b9b90a2e0c4eae58cb089da40de245ae9e0dfde7f
          • Instruction Fuzzy Hash: 01F1FB31B40706DBE724DF68CDD5BE63351EB84704F44437DA905BB6C9DBB8AA05C688
          Uniqueness

          Uniqueness Score: -1.00%

          Control-flow Graph

          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.1367451189.00000000001C0000.00000040.00000001.sdmp, Offset: 001C0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1c0000_Locky.jbxd
          Similarity
          • API ID: Open
          • String ID: `F5@$`F5@
          • API String ID: 71445658-4286260482
          • Opcode ID: 77a796f3b23b534de2338d473d06cef84993c8f37af457cdbfd4fecdcf4a04fb
          • Instruction ID: a0f3ae9973779fc421298752ad2b86390549303f5932f4ad845f7daf4e0bd08d
          • Opcode Fuzzy Hash: 77a796f3b23b534de2338d473d06cef84993c8f37af457cdbfd4fecdcf4a04fb
          • Instruction Fuzzy Hash: 6F417821A98611FEEB0E6BB4CD76F3D7A15EBB6304F550A7CF00396097DB34C9048296
          Uniqueness

          Uniqueness Score: -1.00%

          Control-flow Graph

          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.1367495852.00000000001F0000.00000040.00000001.sdmp, Offset: 001F0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1f0000_Locky.jbxd
          Similarity
          • API ID: Open
          • String ID: `F5@$`F5@
          • API String ID: 71445658-4286260482
          • Opcode ID: 77a796f3b23b534de2338d473d06cef84993c8f37af457cdbfd4fecdcf4a04fb
          • Instruction ID: efc00926729ee1b630a850899c8d4a5dd0a2eb9c0a0a5015768668a0ea727eae
          • Opcode Fuzzy Hash: 77a796f3b23b534de2338d473d06cef84993c8f37af457cdbfd4fecdcf4a04fb
          • Instruction Fuzzy Hash: 5E418A61A1861DFEEB0EABB4CDB6F3D7A15FBA4304F55053CF30396097DBA44A048296
          Uniqueness

          Uniqueness Score: -1.00%

          Control-flow Graph

          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.1367467557.00000000001D0000.00000040.00000001.sdmp, Offset: 001D0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1d0000_Locky.jbxd
          Similarity
          • API ID: Open
          • String ID: `F5@$`F5@
          • API String ID: 71445658-4286260482
          • Opcode ID: 77a796f3b23b534de2338d473d06cef84993c8f37af457cdbfd4fecdcf4a04fb
          • Instruction ID: 6ad7270498e16aa1759a79a026ad54d7cb73a8a3ffdaa097457f82c47a618b0d
          • Opcode Fuzzy Hash: 77a796f3b23b534de2338d473d06cef84993c8f37af457cdbfd4fecdcf4a04fb
          • Instruction Fuzzy Hash: BD419D22B18615BEEB0EBBB4CDB6F3D7A15EB98304F55053FF003962D7DB2489048296
          Uniqueness

          Uniqueness Score: -1.00%

          Control-flow Graph

          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.1368551562.0000000000A70000.00000040.00000001.sdmp, Offset: 00A70000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_a70000_Locky.jbxd
          Similarity
          • API ID: Open
          • String ID: `F5@$`F5@
          • API String ID: 71445658-4286260482
          • Opcode ID: 77a796f3b23b534de2338d473d06cef84993c8f37af457cdbfd4fecdcf4a04fb
          • Instruction ID: 28619d7bf29229773d818d59d7a3ff102196afd4ec99ccb9cae86dbb90d944da
          • Opcode Fuzzy Hash: 77a796f3b23b534de2338d473d06cef84993c8f37af457cdbfd4fecdcf4a04fb
          • Instruction Fuzzy Hash: F5417731B18611EEEB0E6B7CCEB6F3E7AA5EB81340F54C53CF10B950D7DA6489058296
          Uniqueness

          Uniqueness Score: -1.00%

          Control-flow Graph

          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.1368575368.0000000000A90000.00000040.00000001.sdmp, Offset: 00A90000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_a90000_Locky.jbxd
          Similarity
          • API ID: Open
          • String ID: `F5@$`F5@
          • API String ID: 71445658-4286260482
          • Opcode ID: 77a796f3b23b534de2338d473d06cef84993c8f37af457cdbfd4fecdcf4a04fb
          • Instruction ID: eb4662516cc9f4dfd11c6f61b3e210758bb63020552810c608161ad2eb956b51
          • Opcode Fuzzy Hash: 77a796f3b23b534de2338d473d06cef84993c8f37af457cdbfd4fecdcf4a04fb
          • Instruction Fuzzy Hash: 05417A32B18617AEEF0E6B78CEB7F3D7AE5EB81380F54053CF44395097DA2449445296
          Uniqueness

          Uniqueness Score: -1.00%

          Control-flow Graph

          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.1367975725.00000000008B0000.00000040.00000001.sdmp, Offset: 008B0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_8b0000_Locky.jbxd
          Similarity
          • API ID: Open
          • String ID: `F5@$`F5@
          • API String ID: 71445658-4286260482
          • Opcode ID: 77a796f3b23b534de2338d473d06cef84993c8f37af457cdbfd4fecdcf4a04fb
          • Instruction ID: d2f6e3ad6e1e09f1ea524b9cca5d2d38b4048785bfa92ef86973815abf7d7330
          • Opcode Fuzzy Hash: 77a796f3b23b534de2338d473d06cef84993c8f37af457cdbfd4fecdcf4a04fb
          • Instruction Fuzzy Hash: 8F415821A18659AEEF0D6B78CD7EBFE7E14FB40304FD4152CE003DD297DA2449049696
          Uniqueness

          Uniqueness Score: -1.00%

          Control-flow Graph

          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.1368563716.0000000000A80000.00000040.00000001.sdmp, Offset: 00A80000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_a80000_Locky.jbxd
          Similarity
          • API ID: Open
          • String ID: `F5@$`F5@
          • API String ID: 71445658-4286260482
          • Opcode ID: 77a796f3b23b534de2338d473d06cef84993c8f37af457cdbfd4fecdcf4a04fb
          • Instruction ID: 256a059d68335adc92a8b2482746c2fcd83ee433bfa149039e69cf6751dfa2ee
          • Opcode Fuzzy Hash: 77a796f3b23b534de2338d473d06cef84993c8f37af457cdbfd4fecdcf4a04fb
          • Instruction Fuzzy Hash: 84415A72A18611AEEB4E7B78CEB7F3DBA2DEB81340F54053CF04395097DA24494A5396
          Uniqueness

          Uniqueness Score: -1.00%

          Control-flow Graph

          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.1368588718.0000000000AA0000.00000040.00000001.sdmp, Offset: 00AA0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_aa0000_Locky.jbxd
          Similarity
          • API ID: Open
          • String ID: `F5@$`F5@
          • API String ID: 71445658-4286260482
          • Opcode ID: 77a796f3b23b534de2338d473d06cef84993c8f37af457cdbfd4fecdcf4a04fb
          • Instruction ID: 50a026eb1fbdad395bb21a110c436f6e80a381206d412e33221aaed47a87baa8
          • Opcode Fuzzy Hash: 77a796f3b23b534de2338d473d06cef84993c8f37af457cdbfd4fecdcf4a04fb
          • Instruction Fuzzy Hash: B3416732A18611BEEB0E6B74CEB6F7EBA25EB83340F54052CE043970D7DB2589448296
          Uniqueness

          Uniqueness Score: -1.00%

          Control-flow Graph

          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.1367482440.00000000001E0000.00000040.00000001.sdmp, Offset: 001E0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1e0000_Locky.jbxd
          Similarity
          • API ID: Open
          • String ID: `F5@$`F5@
          • API String ID: 71445658-4286260482
          • Opcode ID: 77a796f3b23b534de2338d473d06cef84993c8f37af457cdbfd4fecdcf4a04fb
          • Instruction ID: afe599a4339be496d1002a2759667f486b00b2cc7bc1cd8f77435d696c0f3b0c
          • Opcode Fuzzy Hash: 77a796f3b23b534de2338d473d06cef84993c8f37af457cdbfd4fecdcf4a04fb
          • Instruction Fuzzy Hash: 6C418A31A18ED1BEEB0EAB76CDB6F3D7A15EB98304F55053CF00396097DB7449848296
          Uniqueness

          Uniqueness Score: -1.00%

          Control-flow Graph

          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.1367451189.00000000001C0000.00000040.00000001.sdmp, Offset: 001C0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1c0000_Locky.jbxd
          Similarity
          • API ID: Open
          • String ID: `F5@$`F5@
          • API String ID: 71445658-4286260482
          • Opcode ID: 38e45b892eb5c14410761762884732f4e0e3e6e0a2363eae122ece4a65b27669
          • Instruction ID: d7d692dc9c856085f107f7418bc69fa2fe2cfbb822963bfec03ec628966c0ee8
          • Opcode Fuzzy Hash: 38e45b892eb5c14410761762884732f4e0e3e6e0a2363eae122ece4a65b27669
          • Instruction Fuzzy Hash: 6E418922A58611FEEB0E6BB4CC76F3D7A15EBB6304F150A7CF00396097DB34CA048296
          Uniqueness

          Uniqueness Score: -1.00%

          Control-flow Graph

          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.1367495852.00000000001F0000.00000040.00000001.sdmp, Offset: 001F0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1f0000_Locky.jbxd
          Similarity
          • API ID: Open
          • String ID: `F5@$`F5@
          • API String ID: 71445658-4286260482
          • Opcode ID: 38e45b892eb5c14410761762884732f4e0e3e6e0a2363eae122ece4a65b27669
          • Instruction ID: bdbeae723161726fdf4ef821eda8d989d737bc76f48b9f9167296ee538aa6615
          • Opcode Fuzzy Hash: 38e45b892eb5c14410761762884732f4e0e3e6e0a2363eae122ece4a65b27669
          • Instruction Fuzzy Hash: D4418A62A1861DFEEB0EAB74CD76F3D7A11FBA4304F05053CF30396097DBA44A048292
          Uniqueness

          Uniqueness Score: -1.00%

          Control-flow Graph

          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.1367467557.00000000001D0000.00000040.00000001.sdmp, Offset: 001D0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1d0000_Locky.jbxd
          Similarity
          • API ID: Open
          • String ID: `F5@$`F5@
          • API String ID: 71445658-4286260482
          • Opcode ID: 38e45b892eb5c14410761762884732f4e0e3e6e0a2363eae122ece4a65b27669
          • Instruction ID: 88238c6df809bf375613144538c58a1f10875e08ba87541b3e3c2fce7081cecc
          • Opcode Fuzzy Hash: 38e45b892eb5c14410761762884732f4e0e3e6e0a2363eae122ece4a65b27669
          • Instruction Fuzzy Hash: DD419C62B18611BEFB0EABB4CD76F3D7A15EBA8304F55153FF003962D7DB248A048256
          Uniqueness

          Uniqueness Score: -1.00%

          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.1368551562.0000000000A70000.00000040.00000001.sdmp, Offset: 00A70000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_a70000_Locky.jbxd
          Similarity
          • API ID: Open
          • String ID: `F5@$`F5@
          • API String ID: 71445658-4286260482
          • Opcode ID: 38e45b892eb5c14410761762884732f4e0e3e6e0a2363eae122ece4a65b27669
          • Instruction ID: fbb7562fdc56f21fc7d515a96c6d504e9f3ab65e547b94dd8a123ed406d2d0ce
          • Opcode Fuzzy Hash: 38e45b892eb5c14410761762884732f4e0e3e6e0a2363eae122ece4a65b27669
          • Instruction Fuzzy Hash: A0416832B18611EEEB0E6B7CCEB6F3E7AA5EB81340F14C53CF10B95097D96489058296
          Uniqueness

          Uniqueness Score: -1.00%

          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.1368575368.0000000000A90000.00000040.00000001.sdmp, Offset: 00A90000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_a90000_Locky.jbxd
          Similarity
          • API ID: Open
          • String ID: `F5@$`F5@
          • API String ID: 71445658-4286260482
          • Opcode ID: 38e45b892eb5c14410761762884732f4e0e3e6e0a2363eae122ece4a65b27669
          • Instruction ID: 82a3e91f091ee776e7933ff3cabe380b91ef6d55041809fd32b39d04c3c2f17a
          • Opcode Fuzzy Hash: 38e45b892eb5c14410761762884732f4e0e3e6e0a2363eae122ece4a65b27669
          • Instruction Fuzzy Hash: 44416932B18612AEFF0E6B78CEB6F3D7AE5EB90380F54053CF44399097DA2449449296
          Uniqueness

          Uniqueness Score: -1.00%

          Control-flow Graph

          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.1367975725.00000000008B0000.00000040.00000001.sdmp, Offset: 008B0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_8b0000_Locky.jbxd
          Similarity
          • API ID: Open
          • String ID: `F5@$`F5@
          • API String ID: 71445658-4286260482
          • Opcode ID: 38e45b892eb5c14410761762884732f4e0e3e6e0a2363eae122ece4a65b27669
          • Instruction ID: 81607e58f96d0cce10a4e7718da42a4af554ae4ebd175ae03d71f858e451a0ab
          • Opcode Fuzzy Hash: 38e45b892eb5c14410761762884732f4e0e3e6e0a2363eae122ece4a65b27669
          • Instruction Fuzzy Hash: BA414622A18655AEEF0E6B78CCBEBFE7E14FB80304FD4152CF003DD297DA2449049656
          Uniqueness

          Uniqueness Score: -1.00%

          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.1368563716.0000000000A80000.00000040.00000001.sdmp, Offset: 00A80000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_a80000_Locky.jbxd
          Similarity
          • API ID: Open
          • String ID: `F5@$`F5@
          • API String ID: 71445658-4286260482
          • Opcode ID: 38e45b892eb5c14410761762884732f4e0e3e6e0a2363eae122ece4a65b27669
          • Instruction ID: e0a999b51863ea0090dd511f3d383feb2dc49e08de2f46c5a75a2120ca964008
          • Opcode Fuzzy Hash: 38e45b892eb5c14410761762884732f4e0e3e6e0a2363eae122ece4a65b27669
          • Instruction Fuzzy Hash: C7416972B18611AEEB4E7B74CEB6F7DBA29EB80340F54053CF04395097DA24494A9396
          Uniqueness

          Uniqueness Score: -1.00%

          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.1368588718.0000000000AA0000.00000040.00000001.sdmp, Offset: 00AA0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_aa0000_Locky.jbxd
          Similarity
          • API ID: Open
          • String ID: `F5@$`F5@
          • API String ID: 71445658-4286260482
          • Opcode ID: 38e45b892eb5c14410761762884732f4e0e3e6e0a2363eae122ece4a65b27669
          • Instruction ID: 7826d420f996dd67c387ddb07db419d00a37e97be0e2fe06ea7d210a23cf670e
          • Opcode Fuzzy Hash: 38e45b892eb5c14410761762884732f4e0e3e6e0a2363eae122ece4a65b27669
          • Instruction Fuzzy Hash: 14414532A18611BEEB0E6B74CEA6F7EBA25EB83340F54552CE043970D7DB2589448296
          Uniqueness

          Uniqueness Score: -1.00%

          Control-flow Graph

          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.1367482440.00000000001E0000.00000040.00000001.sdmp, Offset: 001E0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1e0000_Locky.jbxd
          Similarity
          • API ID: Open
          • String ID: `F5@$`F5@
          • API String ID: 71445658-4286260482
          • Opcode ID: 38e45b892eb5c14410761762884732f4e0e3e6e0a2363eae122ece4a65b27669
          • Instruction ID: 6c39cdd636ef7d21f2ad8637af03d53b40c2db484e0a9e5550ca92437b4303f6
          • Opcode Fuzzy Hash: 38e45b892eb5c14410761762884732f4e0e3e6e0a2363eae122ece4a65b27669
          • Instruction Fuzzy Hash: 19418B32A18ED1BEEB0EAB76CC76F7D7915EBA4304F15053CF00396097DB7449848296
          Uniqueness

          Uniqueness Score: -1.00%

          APIs
          • RegOpenKeyExA.KERNELBASE(00000000,?,?,?,?,?,?,001C08FB,001C089F), ref: 001C1A4B
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.1367451189.00000000001C0000.00000040.00000001.sdmp, Offset: 001C0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1c0000_Locky.jbxd
          Similarity
          • API ID: Open
          • String ID: `F5@$`F5@
          • API String ID: 71445658-4286260482
          • Opcode ID: d35d887d0cb7fef385113c7007d14b9488ea8e3e9ebb172cae4d454c762fd4bf
          • Instruction ID: 94778a888f1268025412ce8cfbc114484b46c4fc60edc825b6e9512b14a5fba1
          • Opcode Fuzzy Hash: d35d887d0cb7fef385113c7007d14b9488ea8e3e9ebb172cae4d454c762fd4bf
          • Instruction Fuzzy Hash: AC416622A98641BEEB0E6B748D7AF3D7A11EBB7304F550A7CF00386097DB34CA448196
          Uniqueness

          Uniqueness Score: -1.00%

          APIs
          • RegOpenKeyExA.KERNELBASE(00000000,?,?,?,?,?,?,001F08FB,001F089F), ref: 001F1A4B
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.1367495852.00000000001F0000.00000040.00000001.sdmp, Offset: 001F0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1f0000_Locky.jbxd
          Similarity
          • API ID: Open
          • String ID: `F5@$`F5@
          • API String ID: 71445658-4286260482
          • Opcode ID: d35d887d0cb7fef385113c7007d14b9488ea8e3e9ebb172cae4d454c762fd4bf
          • Instruction ID: b957abbbae3e5b929eee45efc3089b4b9618278678d06c1294e9776c45aaa214
          • Opcode Fuzzy Hash: d35d887d0cb7fef385113c7007d14b9488ea8e3e9ebb172cae4d454c762fd4bf
          • Instruction Fuzzy Hash: 06417662B18609FEEB0FAB788D7AF3D7901EBA5304F55093CF30386097DBA44A444296
          Uniqueness

          Uniqueness Score: -1.00%

          APIs
          • RegOpenKeyExA.KERNELBASE(00000000,?,?,?,?,?,?,001D08FB,001D089F), ref: 001D1A4B
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.1367467557.00000000001D0000.00000040.00000001.sdmp, Offset: 001D0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1d0000_Locky.jbxd
          Similarity
          • API ID: Open
          • String ID: `F5@$`F5@
          • API String ID: 71445658-4286260482
          • Opcode ID: d35d887d0cb7fef385113c7007d14b9488ea8e3e9ebb172cae4d454c762fd4bf
          • Instruction ID: b82a7f7f23259451597cd40efaa2f5653e50d9465809fc9a8493c5d1913f6e9c
          • Opcode Fuzzy Hash: d35d887d0cb7fef385113c7007d14b9488ea8e3e9ebb172cae4d454c762fd4bf
          • Instruction Fuzzy Hash: EB418962B18A11BEEB0E7BB4CD7AB3D7A11DBA9304F55193FF00386297DB248A448156
          Uniqueness

          Uniqueness Score: -1.00%

          APIs
          • RegOpenKeyExA.KERNELBASE(00000000,?,?,?,?,?,?,00A708FB,00A7089F), ref: 00A71A4B
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.1368551562.0000000000A70000.00000040.00000001.sdmp, Offset: 00A70000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_a70000_Locky.jbxd
          Similarity
          • API ID: Open
          • String ID: `F5@$`F5@
          • API String ID: 71445658-4286260482
          • Opcode ID: d35d887d0cb7fef385113c7007d14b9488ea8e3e9ebb172cae4d454c762fd4bf
          • Instruction ID: b7a92c2790c473f8f34e8f13de4eb7ea96e9d9691fcfb5124b020ed0af147098
          • Opcode Fuzzy Hash: d35d887d0cb7fef385113c7007d14b9488ea8e3e9ebb172cae4d454c762fd4bf
          • Instruction Fuzzy Hash: E9417632B18601EEEB1E6B7C8E7AF3E79A4DB81340F54C93CF10F99097D96489454196
          Uniqueness

          Uniqueness Score: -1.00%

          APIs
          • RegOpenKeyExA.KERNELBASE(00000000,?,?,?,?,?,?,00A908FB,00A9089F), ref: 00A91A4B
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.1368575368.0000000000A90000.00000040.00000001.sdmp, Offset: 00A90000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_a90000_Locky.jbxd
          Similarity
          • API ID: Open
          • String ID: `F5@$`F5@
          • API String ID: 71445658-4286260482
          • Opcode ID: d35d887d0cb7fef385113c7007d14b9488ea8e3e9ebb172cae4d454c762fd4bf
          • Instruction ID: abcd5eedc68142a7e929d5d6548170e2f390b095ad6e800e755cf8c32b38457f
          • Opcode Fuzzy Hash: d35d887d0cb7fef385113c7007d14b9488ea8e3e9ebb172cae4d454c762fd4bf
          • Instruction Fuzzy Hash: C6418732B18613AEEF0E7B78CE7AF3E7DE0DB91380F54093CE40389097D92449445196
          Uniqueness

          Uniqueness Score: -1.00%

          APIs
          • RegOpenKeyExA.KERNELBASE(00000000,?,?,?,?,?,?,008B08FB,008B089F), ref: 008B1A4B
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.1367975725.00000000008B0000.00000040.00000001.sdmp, Offset: 008B0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_8b0000_Locky.jbxd
          Similarity
          • API ID: Open
          • String ID: `F5@$`F5@
          • API String ID: 71445658-4286260482
          • Opcode ID: d35d887d0cb7fef385113c7007d14b9488ea8e3e9ebb172cae4d454c762fd4bf
          • Instruction ID: 78d50131c07e972a83b8e893d8d4ccee2cffd9f9151036b8564481bf38137973
          • Opcode Fuzzy Hash: d35d887d0cb7fef385113c7007d14b9488ea8e3e9ebb172cae4d454c762fd4bf
          • Instruction Fuzzy Hash: 00416422A18A55AEEF0E7B788C7EBBE7D10FB81304FD4163CE003CD297CA2449045543
          Uniqueness

          Uniqueness Score: -1.00%

          APIs
          • RegOpenKeyExA.KERNELBASE(00000000,?,?,?,?,?,?,00A808FB,00A8089F), ref: 00A81A4B
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.1368563716.0000000000A80000.00000040.00000001.sdmp, Offset: 00A80000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_a80000_Locky.jbxd
          Similarity
          • API ID: Open
          • String ID: `F5@$`F5@
          • API String ID: 71445658-4286260482
          • Opcode ID: d35d887d0cb7fef385113c7007d14b9488ea8e3e9ebb172cae4d454c762fd4bf
          • Instruction ID: 68c9a5496f24b8c77cbac37006819687e824812111f1687de3e61619307c7b39
          • Opcode Fuzzy Hash: d35d887d0cb7fef385113c7007d14b9488ea8e3e9ebb172cae4d454c762fd4bf
          • Instruction Fuzzy Hash: 10419B72B18611AEEB4E7B78CE7BF3DBD28EB81340F54093CF00385097D924494A5396
          Uniqueness

          Uniqueness Score: -1.00%

          APIs
          • RegOpenKeyExA.KERNELBASE(00000000,?,?,?,?,?,?,00AA08FB,00AA089F), ref: 00AA1A4B
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.1368588718.0000000000AA0000.00000040.00000001.sdmp, Offset: 00AA0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_aa0000_Locky.jbxd
          Similarity
          • API ID: Open
          • String ID: `F5@$`F5@
          • API String ID: 71445658-4286260482
          • Opcode ID: d35d887d0cb7fef385113c7007d14b9488ea8e3e9ebb172cae4d454c762fd4bf
          • Instruction ID: 49228d7ab480ff0ac7f7a153cf21ff884d7c5f73fb19cbfceac92068bf5f5888
          • Opcode Fuzzy Hash: d35d887d0cb7fef385113c7007d14b9488ea8e3e9ebb172cae4d454c762fd4bf
          • Instruction Fuzzy Hash: B7415632B18611BEEB0E6B78CE7AF3E7A25DB93340F54593CE043870E7DB2549488196
          Uniqueness

          Uniqueness Score: -1.00%

          APIs
          • RegOpenKeyExA.KERNELBASE(00000000,?,?,?,?,?,?,001E08FB,001E089F), ref: 001E1A4B
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.1367482440.00000000001E0000.00000040.00000001.sdmp, Offset: 001E0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1e0000_Locky.jbxd
          Similarity
          • API ID: Open
          • String ID: `F5@$`F5@
          • API String ID: 71445658-4286260482
          • Opcode ID: d35d887d0cb7fef385113c7007d14b9488ea8e3e9ebb172cae4d454c762fd4bf
          • Instruction ID: ffe337e9d0b7e485a8b39c1598cb3e8686ad6ce3f0d2127810fe60dce2d114e9
          • Opcode Fuzzy Hash: d35d887d0cb7fef385113c7007d14b9488ea8e3e9ebb172cae4d454c762fd4bf
          • Instruction Fuzzy Hash: 7A417832B18EC1BEEB0E6B768D7AF3D7901EBA5304F55093CF00386097DB744A844296
          Uniqueness

          Uniqueness Score: -1.00%

          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.1367451189.00000000001C0000.00000040.00000001.sdmp, Offset: 001C0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1c0000_Locky.jbxd
          Similarity
          • API ID: Open
          • String ID: `F5@$`F5@
          • API String ID: 71445658-4286260482
          • Opcode ID: 093c503e8bb1e495fe508dedaf00a8ed0f6b9b0a0719df9135338d592aca73ea
          • Instruction ID: 784ac94bf6800a2eb6bc510943adb8bfdf91327eaec82bbb967c1ae415baf26d
          • Opcode Fuzzy Hash: 093c503e8bb1e495fe508dedaf00a8ed0f6b9b0a0719df9135338d592aca73ea
          • Instruction Fuzzy Hash: 8B313422658651BEEB0E6BB48C7AF3D7A05EBB7304F450A7CE04386097DB28C6548256
          Uniqueness

          Uniqueness Score: -1.00%

          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.1367495852.00000000001F0000.00000040.00000001.sdmp, Offset: 001F0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1f0000_Locky.jbxd
          Similarity
          • API ID: Open
          • String ID: `F5@$`F5@
          • API String ID: 71445658-4286260482
          • Opcode ID: 093c503e8bb1e495fe508dedaf00a8ed0f6b9b0a0719df9135338d592aca73ea
          • Instruction ID: 5cf48f70962e84aaae74e3348dbba279dc192ba216d417a04d6543af846d60f4
          • Opcode Fuzzy Hash: 093c503e8bb1e495fe508dedaf00a8ed0f6b9b0a0719df9135338d592aca73ea
          • Instruction Fuzzy Hash: FD319762618649FEEB0FBB74CD7AF3D7E00EBA5304F05097CF24386097DB6446444282
          Uniqueness

          Uniqueness Score: -1.00%

          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.1367467557.00000000001D0000.00000040.00000001.sdmp, Offset: 001D0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1d0000_Locky.jbxd
          Similarity
          • API ID: Open
          • String ID: `F5@$`F5@
          • API String ID: 71445658-4286260482
          • Opcode ID: 093c503e8bb1e495fe508dedaf00a8ed0f6b9b0a0719df9135338d592aca73ea
          • Instruction ID: a1ae5ecf29793f876c4f7123c820ada5d2fe5f92354758f66a8f2bb90ce4bb03
          • Opcode Fuzzy Hash: 093c503e8bb1e495fe508dedaf00a8ed0f6b9b0a0719df9135338d592aca73ea
          • Instruction Fuzzy Hash: 58317952718A51BEEB0F7BB4CD76B3D7E01EBA9304F45197FF04386297DB2486448146
          Uniqueness

          Uniqueness Score: -1.00%

          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.1368551562.0000000000A70000.00000040.00000001.sdmp, Offset: 00A70000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_a70000_Locky.jbxd
          Similarity
          • API ID: Open
          • String ID: `F5@$`F5@
          • API String ID: 71445658-4286260482
          • Opcode ID: 093c503e8bb1e495fe508dedaf00a8ed0f6b9b0a0719df9135338d592aca73ea
          • Instruction ID: b57fa24230f625c4cb51cc64e225140f702bb5b9a69af7faeed55f6843a198ad
          • Opcode Fuzzy Hash: 093c503e8bb1e495fe508dedaf00a8ed0f6b9b0a0719df9135338d592aca73ea
          • Instruction Fuzzy Hash: 83316721718611AEEB1E7B7CCE76F3E7EA4DB81340F04C53CF14F85097D96485454186
          Uniqueness

          Uniqueness Score: -1.00%

          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.1368575368.0000000000A90000.00000040.00000001.sdmp, Offset: 00A90000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_a90000_Locky.jbxd
          Similarity
          • API ID: Open
          • String ID: `F5@$`F5@
          • API String ID: 71445658-4286260482
          • Opcode ID: 093c503e8bb1e495fe508dedaf00a8ed0f6b9b0a0719df9135338d592aca73ea
          • Instruction ID: 5187be95f16bda52085690d1321f65bfa01e546fa20b3c8743933ccbbd853227
          • Opcode Fuzzy Hash: 093c503e8bb1e495fe508dedaf00a8ed0f6b9b0a0719df9135338d592aca73ea
          • Instruction Fuzzy Hash: A7313722718613AEEF0E7B78CEBAF3E7DE5DF91380F54193CE043860A7D92449444296
          Uniqueness

          Uniqueness Score: -1.00%

          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.1367975725.00000000008B0000.00000040.00000001.sdmp, Offset: 008B0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_8b0000_Locky.jbxd
          Similarity
          • API ID: Open
          • String ID: `F5@$`F5@
          • API String ID: 71445658-4286260482
          • Opcode ID: 093c503e8bb1e495fe508dedaf00a8ed0f6b9b0a0719df9135338d592aca73ea
          • Instruction ID: dfca60d5c03edce3d474e9b3695f50bb93247823c3afc3d8b661ba10988eb90c
          • Opcode Fuzzy Hash: 093c503e8bb1e495fe508dedaf00a8ed0f6b9b0a0719df9135338d592aca73ea
          • Instruction Fuzzy Hash: 22313612A18A65AEEF0E7B788C7EBBE7E14FB81304FD4153CE043CD2A7DA2445448557
          Uniqueness

          Uniqueness Score: -1.00%

          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.1368563716.0000000000A80000.00000040.00000001.sdmp, Offset: 00A80000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_a80000_Locky.jbxd
          Similarity
          • API ID: Open
          • String ID: `F5@$`F5@
          • API String ID: 71445658-4286260482
          • Opcode ID: 093c503e8bb1e495fe508dedaf00a8ed0f6b9b0a0719df9135338d592aca73ea
          • Instruction ID: 4f78e2b4536c8a5d71fb6ad6f72b3976a5bdb8a00b3d90e936b9f8fede34bf61
          • Opcode Fuzzy Hash: 093c503e8bb1e495fe508dedaf00a8ed0f6b9b0a0719df9135338d592aca73ea
          • Instruction Fuzzy Hash: 6A319D72B18611AEEB4E7B74CEBBF3DBE29EB81340F44093CF04385097D924454A4396
          Uniqueness

          Uniqueness Score: -1.00%

          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.1368588718.0000000000AA0000.00000040.00000001.sdmp, Offset: 00AA0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_aa0000_Locky.jbxd
          Similarity
          • API ID: Open
          • String ID: `F5@$`F5@
          • API String ID: 71445658-4286260482
          • Opcode ID: 093c503e8bb1e495fe508dedaf00a8ed0f6b9b0a0719df9135338d592aca73ea
          • Instruction ID: 8be53fee54a5678189aad397e188a2609788fd83e7823a48508199bab9867086
          • Opcode Fuzzy Hash: 093c503e8bb1e495fe508dedaf00a8ed0f6b9b0a0719df9135338d592aca73ea
          • Instruction Fuzzy Hash: 0B312432618611BEEB0E6B74CEBAF3E7E25DB83340F54593CE043870E7DB2585488296
          Uniqueness

          Uniqueness Score: -1.00%

          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.1367482440.00000000001E0000.00000040.00000001.sdmp, Offset: 001E0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1e0000_Locky.jbxd
          Similarity
          • API ID: Open
          • String ID: `F5@$`F5@
          • API String ID: 71445658-4286260482
          • Opcode ID: 093c503e8bb1e495fe508dedaf00a8ed0f6b9b0a0719df9135338d592aca73ea
          • Instruction ID: 4090d58d2ebfcd8b71208542f724f6f8fad91d78b48cb3f9d401dfab8be0ba17
          • Opcode Fuzzy Hash: 093c503e8bb1e495fe508dedaf00a8ed0f6b9b0a0719df9135338d592aca73ea
          • Instruction Fuzzy Hash: 60313432618ED1BEEB0E6B768C7AB3D7905EBA5304F15097CF04386097DB7446844296
          Uniqueness

          Uniqueness Score: -1.00%

          APIs
          • RegOpenKeyExA.KERNELBASE(00000000,?,?,?,?,?,?,001C08FB,001C089F), ref: 001C1A4B
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.1367451189.00000000001C0000.00000040.00000001.sdmp, Offset: 001C0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1c0000_Locky.jbxd
          Similarity
          • API ID: Open
          • String ID: `F5@$`F5@
          • API String ID: 71445658-4286260482
          • Opcode ID: 76e8a4e3fb999826eb009f3af41dda8dea86e85fb935e2fbe9079561321e7dfb
          • Instruction ID: ebf1d5c78e30831096e7ae345dfadf1cc7adcf9167b68bbff9549cc14873f334
          • Opcode Fuzzy Hash: 76e8a4e3fb999826eb009f3af41dda8dea86e85fb935e2fbe9079561321e7dfb
          • Instruction Fuzzy Hash: 23312622B98651BEE70F6BB8CD76F3D7955ABBA704F550A3CB00386097DB38C6144146
          Uniqueness

          Uniqueness Score: -1.00%

          APIs
          • RegOpenKeyExA.KERNELBASE(00000000,?,?,?,?,?,?,001F08FB,001F089F), ref: 001F1A4B
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.1367495852.00000000001F0000.00000040.00000001.sdmp, Offset: 001F0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1f0000_Locky.jbxd
          Similarity
          • API ID: Open
          • String ID: `F5@$`F5@
          • API String ID: 71445658-4286260482
          • Opcode ID: 76e8a4e3fb999826eb009f3af41dda8dea86e85fb935e2fbe9079561321e7dfb
          • Instruction ID: 73dc8a1bb2e8a9c5b6724640958759316cbecb1e5362e25ac50ce451c555bacf
          • Opcode Fuzzy Hash: 76e8a4e3fb999826eb009f3af41dda8dea86e85fb935e2fbe9079561321e7dfb
          • Instruction Fuzzy Hash: A1315762B18619FDE70FBB78CD76F3D7941ABA4304F450A3CB30386097DB6586044286
          Uniqueness

          Uniqueness Score: -1.00%

          APIs
          • RegOpenKeyExA.KERNELBASE(00000000,?,?,?,?,?,?,001D08FB,001D089F), ref: 001D1A4B
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.1367467557.00000000001D0000.00000040.00000001.sdmp, Offset: 001D0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1d0000_Locky.jbxd
          Similarity
          • API ID: Open
          • String ID: `F5@$`F5@
          • API String ID: 71445658-4286260482
          • Opcode ID: 76e8a4e3fb999826eb009f3af41dda8dea86e85fb935e2fbe9079561321e7dfb
          • Instruction ID: 64a36a93d93c6231699696804dfa3afb8b43c371512fbbb0c8a53785a7275c14
          • Opcode Fuzzy Hash: 76e8a4e3fb999826eb009f3af41dda8dea86e85fb935e2fbe9079561321e7dfb
          • Instruction Fuzzy Hash: 10314862B18651BDEB0F7BB8CD76B3D7955EBA8304F551A3FF003862A7DB2886048146
          Uniqueness

          Uniqueness Score: -1.00%

          APIs
          • RegOpenKeyExA.KERNELBASE(00000000,?,?,?,?,?,?,00A708FB,00A7089F), ref: 00A71A4B
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.1368551562.0000000000A70000.00000040.00000001.sdmp, Offset: 00A70000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_a70000_Locky.jbxd
          Similarity
          • API ID: Open
          • String ID: `F5@$`F5@
          • API String ID: 71445658-4286260482
          • Opcode ID: 76e8a4e3fb999826eb009f3af41dda8dea86e85fb935e2fbe9079561321e7dfb
          • Instruction ID: e1927877645475ad4f14d5602d41b8fc65381a0633c1051093cf91257b4e73a9
          • Opcode Fuzzy Hash: 76e8a4e3fb999826eb009f3af41dda8dea86e85fb935e2fbe9079561321e7dfb
          • Instruction Fuzzy Hash: D9315532B18611EEEB1E7B7CCE76F3E79A5AB91340F44CA3CF10F850A7D96485054246
          Uniqueness

          Uniqueness Score: -1.00%

          APIs
          • RegOpenKeyExA.KERNELBASE(00000000,?,?,?,?,?,?,00A908FB,00A9089F), ref: 00A91A4B
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.1368575368.0000000000A90000.00000040.00000001.sdmp, Offset: 00A90000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_a90000_Locky.jbxd
          Similarity
          • API ID: Open
          • String ID: `F5@$`F5@
          • API String ID: 71445658-4286260482
          • Opcode ID: 76e8a4e3fb999826eb009f3af41dda8dea86e85fb935e2fbe9079561321e7dfb
          • Instruction ID: 6c2792a4ceaec64fbd2813d594af24cc8e706e4d4ce08eee87e114bebf30df54
          • Opcode Fuzzy Hash: 76e8a4e3fb999826eb009f3af41dda8dea86e85fb935e2fbe9079561321e7dfb
          • Instruction Fuzzy Hash: DF315832B18612AEEF0E7B78CE76F3E7DE5EB90380F540A3CF003854A7D92489045246
          Uniqueness

          Uniqueness Score: -1.00%

          APIs
          • RegOpenKeyExA.KERNELBASE(00000000,?,?,?,?,?,?,008B08FB,008B089F), ref: 008B1A4B
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.1367975725.00000000008B0000.00000040.00000001.sdmp, Offset: 008B0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_8b0000_Locky.jbxd
          Similarity
          • API ID: Open
          • String ID: `F5@$`F5@
          • API String ID: 71445658-4286260482
          • Opcode ID: 76e8a4e3fb999826eb009f3af41dda8dea86e85fb935e2fbe9079561321e7dfb
          • Instruction ID: 0379035c9a3e10bdd062a38c3b4f7da4df90bff26555f46d58c872980cb04231
          • Opcode Fuzzy Hash: 76e8a4e3fb999826eb009f3af41dda8dea86e85fb935e2fbe9079561321e7dfb
          • Instruction Fuzzy Hash: 0A312422B18625AEEF0E7B7C8D7EBBE7D15FB90304FD4163CB003C92A7DA2885045546
          Uniqueness

          Uniqueness Score: -1.00%

          APIs
          • RegOpenKeyExA.KERNELBASE(00000000,?,?,?,?,?,?,00A808FB,00A8089F), ref: 00A81A4B
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.1368563716.0000000000A80000.00000040.00000001.sdmp, Offset: 00A80000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_a80000_Locky.jbxd
          Similarity
          • API ID: Open
          • String ID: `F5@$`F5@
          • API String ID: 71445658-4286260482
          • Opcode ID: 76e8a4e3fb999826eb009f3af41dda8dea86e85fb935e2fbe9079561321e7dfb
          • Instruction ID: cfd04d0ae17fbbcba3f7f2e7f01b1942bcd7dad1a361a637b88e640515fb4c88
          • Opcode Fuzzy Hash: 76e8a4e3fb999826eb009f3af41dda8dea86e85fb935e2fbe9079561321e7dfb
          • Instruction Fuzzy Hash: 65317B72B18610AEEB4E7B78CE76F3EBD69EB90340F540A3CF003850A7D92485195396
          Uniqueness

          Uniqueness Score: -1.00%

          APIs
          • RegOpenKeyExA.KERNELBASE(00000000,?,?,?,?,?,?,00AA08FB,00AA089F), ref: 00AA1A4B
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.1368588718.0000000000AA0000.00000040.00000001.sdmp, Offset: 00AA0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_aa0000_Locky.jbxd
          Similarity
          • API ID: Open
          • String ID: `F5@$`F5@
          • API String ID: 71445658-4286260482
          • Opcode ID: 76e8a4e3fb999826eb009f3af41dda8dea86e85fb935e2fbe9079561321e7dfb
          • Instruction ID: 9a380104d0f2d13e1f6027f4a48477f770f0f2bd3c9cdc344b4667c2a16caaca
          • Opcode Fuzzy Hash: 76e8a4e3fb999826eb009f3af41dda8dea86e85fb935e2fbe9079561321e7dfb
          • Instruction Fuzzy Hash: DB313532B18610BEEB4E7B78CE76F3E7A65AB97340F545A3CE003870E7DB2585048256
          Uniqueness

          Uniqueness Score: -1.00%

          APIs
          • RegOpenKeyExA.KERNELBASE(00000000,?,?,?,?,?,?,001E08FB,001E089F), ref: 001E1A4B
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.1367482440.00000000001E0000.00000040.00000001.sdmp, Offset: 001E0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1e0000_Locky.jbxd
          Similarity
          • API ID: Open
          • String ID: `F5@$`F5@
          • API String ID: 71445658-4286260482
          • Opcode ID: 76e8a4e3fb999826eb009f3af41dda8dea86e85fb935e2fbe9079561321e7dfb
          • Instruction ID: f6b64677b5082dfe4e2836319834d68dee59bfce748522787e7334d694678a9a
          • Opcode Fuzzy Hash: 76e8a4e3fb999826eb009f3af41dda8dea86e85fb935e2fbe9079561321e7dfb
          • Instruction Fuzzy Hash: 65310332B18ED1BDE70E6B7A8D76B3D7945EBE8304F550A3CF00386097DB7486844256
          Uniqueness

          Uniqueness Score: -1.00%

          APIs
          • RegOpenKeyExA.KERNELBASE(00000000,?,?,?,?,?,?,001C08FB,001C089F), ref: 001C1A4B
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.1367451189.00000000001C0000.00000040.00000001.sdmp, Offset: 001C0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1c0000_Locky.jbxd
          Similarity
          • API ID: Open
          • String ID: `F5@$`F5@
          • API String ID: 71445658-4286260482
          • Opcode ID: ee88b324e4e2b8414d0b042676ee9cee8c3b0127ea1f1ddd1f36e1fd013245df
          • Instruction ID: 636d4a4eedaf7c3503251884d8d685f566d606dd05e949c63bfae1f7c6cb39f3
          • Opcode Fuzzy Hash: ee88b324e4e2b8414d0b042676ee9cee8c3b0127ea1f1ddd1f36e1fd013245df
          • Instruction Fuzzy Hash: 54313362A68640BDE70F7BB4CD76F3D6901EBBA344F550A7CB003860A7DB68C614425A
          Uniqueness

          Uniqueness Score: -1.00%

          APIs
          • RegOpenKeyExA.KERNELBASE(00000000,?,?,?,?,?,?,001F08FB,001F089F), ref: 001F1A4B
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.1367495852.00000000001F0000.00000040.00000001.sdmp, Offset: 001F0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1f0000_Locky.jbxd
          Similarity
          • API ID: Open
          • String ID: `F5@$`F5@
          • API String ID: 71445658-4286260482
          • Opcode ID: ee88b324e4e2b8414d0b042676ee9cee8c3b0127ea1f1ddd1f36e1fd013245df
          • Instruction ID: d484819f61d7ef1abc4e976e9ec4a7547ebe375b714bc99a1337c4aa347ededb
          • Opcode Fuzzy Hash: ee88b324e4e2b8414d0b042676ee9cee8c3b0127ea1f1ddd1f36e1fd013245df
          • Instruction Fuzzy Hash: 08318762B28648FDE70FBBB4CD76B3D7D41EBA5304F150A3CB303860A7DBA586044296
          Uniqueness

          Uniqueness Score: -1.00%

          APIs
          • RegOpenKeyExA.KERNELBASE(00000000,?,?,?,?,?,?,001D08FB,001D089F), ref: 001D1A4B
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.1367467557.00000000001D0000.00000040.00000001.sdmp, Offset: 001D0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1d0000_Locky.jbxd
          Similarity
          • API ID: Open
          • String ID: `F5@$`F5@
          • API String ID: 71445658-4286260482
          • Opcode ID: ee88b324e4e2b8414d0b042676ee9cee8c3b0127ea1f1ddd1f36e1fd013245df
          • Instruction ID: 67dfd65870a86a38e70071f1114845bb4881f022a53c60ed0f676ecc3c4298de
          • Opcode Fuzzy Hash: ee88b324e4e2b8414d0b042676ee9cee8c3b0127ea1f1ddd1f36e1fd013245df
          • Instruction Fuzzy Hash: 1031BB52B28A40BDE70F7BB4CD76B3D7E01EBA9304F550A3FF003862A7DB2886044246
          Uniqueness

          Uniqueness Score: -1.00%

          APIs
          • RegOpenKeyExA.KERNELBASE(00000000,?,?,?,?,?,?,00A708FB,00A7089F), ref: 00A71A4B
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.1368551562.0000000000A70000.00000040.00000001.sdmp, Offset: 00A70000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_a70000_Locky.jbxd
          Similarity
          • API ID: Open
          • String ID: `F5@$`F5@
          • API String ID: 71445658-4286260482
          • Opcode ID: ee88b324e4e2b8414d0b042676ee9cee8c3b0127ea1f1ddd1f36e1fd013245df
          • Instruction ID: cba97e6fb300cf2cfdc831db0eaee67e6b3ae2c48f1041656264407dee3bcf3e
          • Opcode Fuzzy Hash: ee88b324e4e2b8414d0b042676ee9cee8c3b0127ea1f1ddd1f36e1fd013245df
          • Instruction Fuzzy Hash: 46317622B28600ADEB5E7B7CCE76F3E7DA5DB81380F14CA3CF10F850A3D96486054286
          Uniqueness

          Uniqueness Score: -1.00%

          APIs
          • RegOpenKeyExA.KERNELBASE(00000000,?,?,?,?,?,?,00A908FB,00A9089F), ref: 00A91A4B
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.1368575368.0000000000A90000.00000040.00000001.sdmp, Offset: 00A90000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_a90000_Locky.jbxd
          Similarity
          • API ID: Open
          • String ID: `F5@$`F5@
          • API String ID: 71445658-4286260482
          • Opcode ID: ee88b324e4e2b8414d0b042676ee9cee8c3b0127ea1f1ddd1f36e1fd013245df
          • Instruction ID: 0a6a47b9dd6f58df3edb5ff18ded845a76d89d62deb2f545a0ae97b5e3a9e5a0
          • Opcode Fuzzy Hash: ee88b324e4e2b8414d0b042676ee9cee8c3b0127ea1f1ddd1f36e1fd013245df
          • Instruction Fuzzy Hash: AE315662B28612ADEF4E7B78CE76F3E7DE1DB91380F540A3CF003854A7E9248A044256
          Uniqueness

          Uniqueness Score: -1.00%

          APIs
          • RegOpenKeyExA.KERNELBASE(00000000,?,?,?,?,?,?,008B08FB,008B089F), ref: 008B1A4B
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.1367975725.00000000008B0000.00000040.00000001.sdmp, Offset: 008B0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_8b0000_Locky.jbxd
          Similarity
          • API ID: Open
          • String ID: `F5@$`F5@
          • API String ID: 71445658-4286260482
          • Opcode ID: ee88b324e4e2b8414d0b042676ee9cee8c3b0127ea1f1ddd1f36e1fd013245df
          • Instruction ID: b5548ef277a9267c227c7bcb3c545f4b0baf9b9c665cfc309ec371b5870cdae8
          • Opcode Fuzzy Hash: ee88b324e4e2b8414d0b042676ee9cee8c3b0127ea1f1ddd1f36e1fd013245df
          • Instruction Fuzzy Hash: 4E315712B28A55ADEB0E7778CD7EBBE7D11FB81304F94163CB003C92A7D92846044647
          Uniqueness

          Uniqueness Score: -1.00%

          APIs
          • RegOpenKeyExA.KERNELBASE(00000000,?,?,?,?,?,?,00A808FB,00A8089F), ref: 00A81A4B
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.1368563716.0000000000A80000.00000040.00000001.sdmp, Offset: 00A80000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_a80000_Locky.jbxd
          Similarity
          • API ID: Open
          • String ID: `F5@$`F5@
          • API String ID: 71445658-4286260482
          • Opcode ID: ee88b324e4e2b8414d0b042676ee9cee8c3b0127ea1f1ddd1f36e1fd013245df
          • Instruction ID: f6ab64ebd79ffa2aa4d16b6baea29ba24b6e9eca8db3a4e71ecef7e17ac367ea
          • Opcode Fuzzy Hash: ee88b324e4e2b8414d0b042676ee9cee8c3b0127ea1f1ddd1f36e1fd013245df
          • Instruction Fuzzy Hash: 16318D72B28600ADEB8E7B78CE77F3EBD29EB91344F540A3CF00385097D92486194396
          Uniqueness

          Uniqueness Score: -1.00%

          APIs
          • RegOpenKeyExA.KERNELBASE(00000000,?,?,?,?,?,?,00AA08FB,00AA089F), ref: 00AA1A4B
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.1368588718.0000000000AA0000.00000040.00000001.sdmp, Offset: 00AA0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_aa0000_Locky.jbxd
          Similarity
          • API ID: Open
          • String ID: `F5@$`F5@
          • API String ID: 71445658-4286260482
          • Opcode ID: ee88b324e4e2b8414d0b042676ee9cee8c3b0127ea1f1ddd1f36e1fd013245df
          • Instruction ID: a4f540321e392dc728c59d58f645eeab64559e1667600b99763062b84521908e
          • Opcode Fuzzy Hash: ee88b324e4e2b8414d0b042676ee9cee8c3b0127ea1f1ddd1f36e1fd013245df
          • Instruction Fuzzy Hash: 2F310272A29650BDEB4E6B74CE76F3E6A21DB93340F545A3CE003870E7DB2586088256
          Uniqueness

          Uniqueness Score: -1.00%

          APIs
          • RegOpenKeyExA.KERNELBASE(00000000,?,?,?,?,?,?,001E08FB,001E089F), ref: 001E1A4B
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.1367482440.00000000001E0000.00000040.00000001.sdmp, Offset: 001E0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1e0000_Locky.jbxd
          Similarity
          • API ID: Open
          • String ID: `F5@$`F5@
          • API String ID: 71445658-4286260482
          • Opcode ID: ee88b324e4e2b8414d0b042676ee9cee8c3b0127ea1f1ddd1f36e1fd013245df
          • Instruction ID: 7a84d9ad9f9cb85e1ceb3d2dcf88e01a0220838844d393addaf01e55614a9362
          • Opcode Fuzzy Hash: ee88b324e4e2b8414d0b042676ee9cee8c3b0127ea1f1ddd1f36e1fd013245df
          • Instruction Fuzzy Hash: A3312471A28EC0BDE70F6BB68D76B3D6901EBE9344F150A3CF00386097DBB486844256
          Uniqueness

          Uniqueness Score: -1.00%

          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.1367451189.00000000001C0000.00000040.00000001.sdmp, Offset: 001C0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1c0000_Locky.jbxd
          Similarity
          • API ID: Open
          • String ID: `F5@
          • API String ID: 71445658-3130546763
          • Opcode ID: 24c002801ae4361e4e9ad4822db82f3bf74ba9764ea56771fe010383ab6edb5a
          • Instruction ID: 41d268cf08afc00d13a25e01a3d54929c6c2bbea30e24813fc75b6c19530573d
          • Opcode Fuzzy Hash: 24c002801ae4361e4e9ad4822db82f3bf74ba9764ea56771fe010383ab6edb5a
          • Instruction Fuzzy Hash: BB313312A58601BDE70F3BB88D6BF3D7D45DBB6300F01567DA143950A7CB28C6444196
          Uniqueness

          Uniqueness Score: -1.00%

          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.1367495852.00000000001F0000.00000040.00000001.sdmp, Offset: 001F0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1f0000_Locky.jbxd
          Similarity
          • API ID: Open
          • String ID: `F5@
          • API String ID: 71445658-3130546763
          • Opcode ID: 24c002801ae4361e4e9ad4822db82f3bf74ba9764ea56771fe010383ab6edb5a
          • Instruction ID: 6eff88ab34c7bcf38c352094ca60b94315d22331c92a938690dd71e0ff01ce69
          • Opcode Fuzzy Hash: 24c002801ae4361e4e9ad4822db82f3bf74ba9764ea56771fe010383ab6edb5a
          • Instruction Fuzzy Hash: 93315652A18649BDE70F3BB8CE6BB3D7D45DB95340F01567DB347950E7CB2446444282
          Uniqueness

          Uniqueness Score: -1.00%

          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.1367467557.00000000001D0000.00000040.00000001.sdmp, Offset: 001D0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1d0000_Locky.jbxd
          Similarity
          • API ID: Open
          • String ID: `F5@
          • API String ID: 71445658-3130546763
          • Opcode ID: 24c002801ae4361e4e9ad4822db82f3bf74ba9764ea56771fe010383ab6edb5a
          • Instruction ID: d72312d389d4c7c7c07d14be931014fcff6e5cb4a0f7040852fdcdb2e994795f
          • Opcode Fuzzy Hash: 24c002801ae4361e4e9ad4822db82f3bf74ba9764ea56771fe010383ab6edb5a
          • Instruction Fuzzy Hash: D1315652A186057DE70F7BB8CD6BB3D7E45DB99300F01567FF143952E7CB2846449182
          Uniqueness

          Uniqueness Score: -1.00%

          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.1368551562.0000000000A70000.00000040.00000001.sdmp, Offset: 00A70000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_a70000_Locky.jbxd
          Similarity
          • API ID: Open
          • String ID: `F5@
          • API String ID: 71445658-3130546763
          • Opcode ID: 24c002801ae4361e4e9ad4822db82f3bf74ba9764ea56771fe010383ab6edb5a
          • Instruction ID: 90ac741378d506ca355da73d50b1320556357d653234c20752557f47844748f5
          • Opcode Fuzzy Hash: 24c002801ae4361e4e9ad4822db82f3bf74ba9764ea56771fe010383ab6edb5a
          • Instruction Fuzzy Hash: C9315621B18601ADE75E3B7C8E6BF3E7D99DB82300F00D67DF54B950E7C96446484187
          Uniqueness

          Uniqueness Score: -1.00%

          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.1368575368.0000000000A90000.00000040.00000001.sdmp, Offset: 00A90000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_a90000_Locky.jbxd
          Similarity
          • API ID: Open
          • String ID: `F5@
          • API String ID: 71445658-3130546763
          • Opcode ID: 24c002801ae4361e4e9ad4822db82f3bf74ba9764ea56771fe010383ab6edb5a
          • Instruction ID: 87cbea734e8471d9fcc6379f401d7864db823fb6c32b26f0c682b9d4fc2355fd
          • Opcode Fuzzy Hash: 24c002801ae4361e4e9ad4822db82f3bf74ba9764ea56771fe010383ab6edb5a
          • Instruction Fuzzy Hash: B5315662B186066DFF4E3BB88E6BF3E7DD5DB81380F00967DA543950E7C92445445182
          Uniqueness

          Uniqueness Score: -1.00%

          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.1367975725.00000000008B0000.00000040.00000001.sdmp, Offset: 008B0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_8b0000_Locky.jbxd
          Similarity
          • API ID: Open
          • String ID: `F5@
          • API String ID: 71445658-3130546763
          • Opcode ID: 24c002801ae4361e4e9ad4822db82f3bf74ba9764ea56771fe010383ab6edb5a
          • Instruction ID: 33f130f4378c3a1a52edd521f089841e56051a0a9fa33294c76a9adec7b9bf16
          • Opcode Fuzzy Hash: 24c002801ae4361e4e9ad4822db82f3bf74ba9764ea56771fe010383ab6edb5a
          • Instruction Fuzzy Hash: C2317612A18609ADEB0E3B7C8D7FBBE7D05FB82304F80563DB003CA2EBC92845448587
          Uniqueness

          Uniqueness Score: -1.00%

          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.1368563716.0000000000A80000.00000040.00000001.sdmp, Offset: 00A80000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_a80000_Locky.jbxd
          Similarity
          • API ID: Open
          • String ID: `F5@
          • API String ID: 71445658-3130546763
          • Opcode ID: 24c002801ae4361e4e9ad4822db82f3bf74ba9764ea56771fe010383ab6edb5a
          • Instruction ID: 3ca5675c71489cbf113468bb89abd9525a3bcf25f42cbb57072f3a1ffbc3ff9d
          • Opcode Fuzzy Hash: 24c002801ae4361e4e9ad4822db82f3bf74ba9764ea56771fe010383ab6edb5a
          • Instruction Fuzzy Hash: B1315962A186016EF78E3B78CE6BF3E7D69EB81300F00567DF543950E7C924454A4392
          Uniqueness

          Uniqueness Score: -1.00%

          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.1368588718.0000000000AA0000.00000040.00000001.sdmp, Offset: 00AA0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_aa0000_Locky.jbxd
          Similarity
          • API ID: Open
          • String ID: `F5@
          • API String ID: 71445658-3130546763
          • Opcode ID: 24c002801ae4361e4e9ad4822db82f3bf74ba9764ea56771fe010383ab6edb5a
          • Instruction ID: 9eec02f3c7f6cd0eb34324c639148d240ef2b89244cbb48c37d1b43d61aee277
          • Opcode Fuzzy Hash: 24c002801ae4361e4e9ad4822db82f3bf74ba9764ea56771fe010383ab6edb5a
          • Instruction Fuzzy Hash: E3313462A186417EE74E3B78CE6BF3E7D55DB87300F00567DA543970EBCB294A488292
          Uniqueness

          Uniqueness Score: -1.00%

          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.1367482440.00000000001E0000.00000040.00000001.sdmp, Offset: 001E0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1e0000_Locky.jbxd
          Similarity
          • API ID: Open
          • String ID: `F5@
          • API String ID: 71445658-3130546763
          • Opcode ID: 24c002801ae4361e4e9ad4822db82f3bf74ba9764ea56771fe010383ab6edb5a
          • Instruction ID: 69bd23c6d152eee8c9380ed27837f5ed436fcfb3af94ebfab0bab3705a1d4ddb
          • Opcode Fuzzy Hash: 24c002801ae4361e4e9ad4822db82f3bf74ba9764ea56771fe010383ab6edb5a
          • Instruction Fuzzy Hash: CA315332A18E807DE70F3BBA8D2AF3D7D05EB96300F11527DF142860A7CB744A844292
          Uniqueness

          Uniqueness Score: -1.00%

          APIs
          • RegOpenKeyExA.KERNELBASE(00000000), ref: 001C184F
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.1367451189.00000000001C0000.00000040.00000001.sdmp, Offset: 001C0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1c0000_Locky.jbxd
          Similarity
          • API ID: Open
          • String ID: `F5@
          • API String ID: 71445658-3130546763
          • Opcode ID: fa384f2e6fe673137252a21fc952f880fa668fc39709f71ea96c7aaaf37b051d
          • Instruction ID: c32dbef93399093a91349e9de2123a1e6e9d89c1104a0f53e1b91cc6b13d302f
          • Opcode Fuzzy Hash: fa384f2e6fe673137252a21fc952f880fa668fc39709f71ea96c7aaaf37b051d
          • Instruction Fuzzy Hash: 92317612A9C205ADEB0F2BB8CD66F3D7E519BBA300F0556BDE003860D7CB28C5044206
          Uniqueness

          Uniqueness Score: -1.00%

          APIs
          • RegOpenKeyExA.KERNELBASE(00000000), ref: 001F184F
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.1367495852.00000000001F0000.00000040.00000001.sdmp, Offset: 001F0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1f0000_Locky.jbxd
          Similarity
          • API ID: Open
          • String ID: `F5@
          • API String ID: 71445658-3130546763
          • Opcode ID: fa384f2e6fe673137252a21fc952f880fa668fc39709f71ea96c7aaaf37b051d
          • Instruction ID: 804d25d8d8cbad38e3df4b95a84e621fc43e3939d69ebdd1e1ac459066a04f2e
          • Opcode Fuzzy Hash: fa384f2e6fe673137252a21fc952f880fa668fc39709f71ea96c7aaaf37b051d
          • Instruction Fuzzy Hash: 12318552B1824CEEEB0F7BB8CE66B3D7E959BA9340F05467DE303860E7CB2485044202
          Uniqueness

          Uniqueness Score: -1.00%

          APIs
          • RegOpenKeyExA.KERNELBASE(00000000), ref: 001D184F
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.1367467557.00000000001D0000.00000040.00000001.sdmp, Offset: 001D0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1d0000_Locky.jbxd
          Similarity
          • API ID: Open
          • String ID: `F5@
          • API String ID: 71445658-3130546763
          • Opcode ID: fa384f2e6fe673137252a21fc952f880fa668fc39709f71ea96c7aaaf37b051d
          • Instruction ID: 2196d95ff9d81ddf84a5d51394f67e21852d769bea2ee795a999f9d69f4db5e9
          • Opcode Fuzzy Hash: fa384f2e6fe673137252a21fc952f880fa668fc39709f71ea96c7aaaf37b051d
          • Instruction Fuzzy Hash: E7318712B182057DEB0FABB8CDB6B3D7E52DB99300F05467FE002862E7CB2885049202
          Uniqueness

          Uniqueness Score: -1.00%

          APIs
          • RegOpenKeyExA.KERNELBASE(00000000), ref: 00A7184F
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.1368551562.0000000000A70000.00000040.00000001.sdmp, Offset: 00A70000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_a70000_Locky.jbxd
          Similarity
          • API ID: Open
          • String ID: `F5@
          • API String ID: 71445658-3130546763
          • Opcode ID: fa384f2e6fe673137252a21fc952f880fa668fc39709f71ea96c7aaaf37b051d
          • Instruction ID: eb1d6b3c45646315be7a47ada140c7b70d6520ae52fcfb44f61554f09bd6cdd0
          • Opcode Fuzzy Hash: fa384f2e6fe673137252a21fc952f880fa668fc39709f71ea96c7aaaf37b051d
          • Instruction Fuzzy Hash: AA318522B182059EEB4F2B7CCEB6F3E7EE58B85300F14C67DE00A960E7C96885084203
          Uniqueness

          Uniqueness Score: -1.00%

          APIs
          • RegOpenKeyExA.KERNELBASE(00000000), ref: 00AB184F
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.1368598650.0000000000AB0000.00000040.00000001.sdmp, Offset: 00AB0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_ab0000_Locky.jbxd
          Similarity
          • API ID: Open
          • String ID: `F5@
          • API String ID: 71445658-3130546763
          • Opcode ID: fa384f2e6fe673137252a21fc952f880fa668fc39709f71ea96c7aaaf37b051d
          • Instruction ID: abf5806e984de0e10c4b09d49afedf71fadb7eb5e53789fa5e77a0af9b675b0a
          • Opcode Fuzzy Hash: fa384f2e6fe673137252a21fc952f880fa668fc39709f71ea96c7aaaf37b051d
          • Instruction Fuzzy Hash: 0B317B22B182455DFB4E3BB8CE76FBE7E6DEB95300F44557DE042C60D7D92445444242
          Uniqueness

          Uniqueness Score: -1.00%

          APIs
          • RegOpenKeyExA.KERNELBASE(00000000), ref: 00A9184F
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.1368575368.0000000000A90000.00000040.00000001.sdmp, Offset: 00A90000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_a90000_Locky.jbxd
          Similarity
          • API ID: Open
          • String ID: `F5@
          • API String ID: 71445658-3130546763
          • Opcode ID: fa384f2e6fe673137252a21fc952f880fa668fc39709f71ea96c7aaaf37b051d
          • Instruction ID: 7789f7b7de70cb83cf2ea7bd3353b28245e843ab2eac69f238b985b3b861fb17
          • Opcode Fuzzy Hash: fa384f2e6fe673137252a21fc952f880fa668fc39709f71ea96c7aaaf37b051d
          • Instruction Fuzzy Hash: C2317922B182466DFF4E3B78CEA6F3E7EE59F95340F04967DE043C64E7D92845046242
          Uniqueness

          Uniqueness Score: -1.00%

          APIs
          • RegOpenKeyExA.KERNELBASE(00000000), ref: 008B184F
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.1367975725.00000000008B0000.00000040.00000001.sdmp, Offset: 008B0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_8b0000_Locky.jbxd
          Similarity
          • API ID: Open
          • String ID: `F5@
          • API String ID: 71445658-3130546763
          • Opcode ID: fa384f2e6fe673137252a21fc952f880fa668fc39709f71ea96c7aaaf37b051d
          • Instruction ID: 2f1d838517ae47415e2de61b26886ca21087b6ec99617c75a6a701e32a13765c
          • Opcode Fuzzy Hash: fa384f2e6fe673137252a21fc952f880fa668fc39709f71ea96c7aaaf37b051d
          • Instruction Fuzzy Hash: 97317812B182495DEF4A2B7CCD7EBBE6E55FB81304F84467DE002CA2EBC92845044242
          Uniqueness

          Uniqueness Score: -1.00%

          APIs
          • RegOpenKeyExA.KERNELBASE(00000000), ref: 00A8184F
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.1368563716.0000000000A80000.00000040.00000001.sdmp, Offset: 00A80000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_a80000_Locky.jbxd
          Similarity
          • API ID: Open
          • String ID: `F5@
          • API String ID: 71445658-3130546763
          • Opcode ID: fa384f2e6fe673137252a21fc952f880fa668fc39709f71ea96c7aaaf37b051d
          • Instruction ID: e6554627f90273e14838d8ce633042f3b56d8c4eee6c849e97069eb0afabf606
          • Opcode Fuzzy Hash: fa384f2e6fe673137252a21fc952f880fa668fc39709f71ea96c7aaaf37b051d
          • Instruction Fuzzy Hash: 54317762B182455EEB8E3B78CEA7F3E7E699B95300F04567DE043C60EBD928850A4342
          Uniqueness

          Uniqueness Score: -1.00%

          APIs
          • RegOpenKeyExA.KERNELBASE(00000000), ref: 00AA184F
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.1368588718.0000000000AA0000.00000040.00000001.sdmp, Offset: 00AA0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_aa0000_Locky.jbxd
          Similarity
          • API ID: Open
          • String ID: `F5@
          • API String ID: 71445658-3130546763
          • Opcode ID: fa384f2e6fe673137252a21fc952f880fa668fc39709f71ea96c7aaaf37b051d
          • Instruction ID: 9b8c0e251518c74d9dccca9e6aaad0c4650195b83ad611b9c4e19c03b3381022
          • Opcode Fuzzy Hash: fa384f2e6fe673137252a21fc952f880fa668fc39709f71ea96c7aaaf37b051d
          • Instruction Fuzzy Hash: B7315922B182457DEB4E2B78CE66F3E7E659B9B300F14567DE042D70DBDB2985488242
          Uniqueness

          Uniqueness Score: -1.00%

          APIs
          • RegOpenKeyExA.KERNELBASE(00000000), ref: 001E184F
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.1367482440.00000000001E0000.00000040.00000001.sdmp, Offset: 001E0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1e0000_Locky.jbxd
          Similarity
          • API ID: Open
          • String ID: `F5@
          • API String ID: 71445658-3130546763
          • Opcode ID: fa384f2e6fe673137252a21fc952f880fa668fc39709f71ea96c7aaaf37b051d
          • Instruction ID: ca6d78f32495a19dc2de685b0c3e82e854a03251301325580786b6f397e93767
          • Opcode Fuzzy Hash: fa384f2e6fe673137252a21fc952f880fa668fc39709f71ea96c7aaaf37b051d
          • Instruction Fuzzy Hash: EB317632B18AC46DE70F2B7ACD66F3D7E55DB99300F15567DE042860D7DB7449848212
          Uniqueness

          Uniqueness Score: -1.00%

          APIs
          • RegOpenKeyExA.KERNELBASE(00000000,?,?,?,?,?,?,001C08FB,001C089F), ref: 001C1A4B
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.1367451189.00000000001C0000.00000040.00000001.sdmp, Offset: 001C0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1c0000_Locky.jbxd
          Similarity
          • API ID: Open
          • String ID: `F5@
          • API String ID: 71445658-3130546763
          • Opcode ID: 5a28c3f1897c94aaa7ae0e1a45da0f7ca4e046ea045276ad6455e6f4962d9ca1
          • Instruction ID: 4e0f482e06de29dc122a4d6adbbfaa27836d6461325df5c49d79e0177d12fa6a
          • Opcode Fuzzy Hash: 5a28c3f1897c94aaa7ae0e1a45da0f7ca4e046ea045276ad6455e6f4962d9ca1
          • Instruction Fuzzy Hash: 25310661759641BEE74F7BB88DA6F3D6955DBBA340F560A7CF003C6097DB38CA008115
          Uniqueness

          Uniqueness Score: -1.00%

          APIs
          • RegOpenKeyExA.KERNELBASE(00000000,?,?,?,?,?,?,001F08FB,001F089F), ref: 001F1A4B
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.1367495852.00000000001F0000.00000040.00000001.sdmp, Offset: 001F0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1f0000_Locky.jbxd
          Similarity
          • API ID: Open
          • String ID: `F5@
          • API String ID: 71445658-3130546763
          • Opcode ID: 5a28c3f1897c94aaa7ae0e1a45da0f7ca4e046ea045276ad6455e6f4962d9ca1
          • Instruction ID: 643b63b60b41ff6051242e25af1e156b5852c08b5714bd6a620a3ecaafd602df
          • Opcode Fuzzy Hash: 5a28c3f1897c94aaa7ae0e1a45da0f7ca4e046ea045276ad6455e6f4962d9ca1
          • Instruction Fuzzy Hash: 78313662718649FDE74F7BB88DB6F3D6995DBA4300F460A7CF303C6097DB688A004215
          Uniqueness

          Uniqueness Score: -1.00%

          APIs
          • RegOpenKeyExA.KERNELBASE(00000000,?,?,?,?,?,?,001D08FB,001D089F), ref: 001D1A4B
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.1367467557.00000000001D0000.00000040.00000001.sdmp, Offset: 001D0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1d0000_Locky.jbxd
          Similarity
          • API ID: Open
          • String ID: `F5@
          • API String ID: 71445658-3130546763
          • Opcode ID: 5a28c3f1897c94aaa7ae0e1a45da0f7ca4e046ea045276ad6455e6f4962d9ca1
          • Instruction ID: 87f723a3e55f3fb97571347fbdf6a1ba871e7557a0e0c68edfda8076b4639bfb
          • Opcode Fuzzy Hash: 5a28c3f1897c94aaa7ae0e1a45da0f7ca4e046ea045276ad6455e6f4962d9ca1
          • Instruction Fuzzy Hash: C1313662719651BDE74F7BB8CDB6B3D6955DBA9300F420A7FF003C6297DB388A008105
          Uniqueness

          Uniqueness Score: -1.00%

          APIs
          • RegOpenKeyExA.KERNELBASE(00000000,?,?,?,?,?,?,00A708FB,00A7089F), ref: 00A71A4B
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.1368551562.0000000000A70000.00000040.00000001.sdmp, Offset: 00A70000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_a70000_Locky.jbxd
          Similarity
          • API ID: Open
          • String ID: `F5@
          • API String ID: 71445658-3130546763
          • Opcode ID: 5a28c3f1897c94aaa7ae0e1a45da0f7ca4e046ea045276ad6455e6f4962d9ca1
          • Instruction ID: 9896ee1b54d48364f90bafbb85bcab19781f55389a15d3558cee5a6c6f4df4ef
          • Opcode Fuzzy Hash: 5a28c3f1897c94aaa7ae0e1a45da0f7ca4e046ea045276ad6455e6f4962d9ca1
          • Instruction Fuzzy Hash: B73134327196019EEB4E7B7C8EBAF3E69A5DB91380F40C63CF00BC60D7D96889048155
          Uniqueness

          Uniqueness Score: -1.00%

          APIs
          • RegOpenKeyExA.KERNELBASE(00000000,?,?,?,?,?,?,00AB08FB,00AB089F), ref: 00AB1A4B
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.1368598650.0000000000AB0000.00000040.00000001.sdmp, Offset: 00AB0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_ab0000_Locky.jbxd
          Similarity
          • API ID: Open
          • String ID: `F5@
          • API String ID: 71445658-3130546763
          • Opcode ID: 5a28c3f1897c94aaa7ae0e1a45da0f7ca4e046ea045276ad6455e6f4962d9ca1
          • Instruction ID: a0d4c1d033a1b3c10ff32139a1e9ec91212f2f5f30628b03626ed1eb01a9f2b2
          • Opcode Fuzzy Hash: 5a28c3f1897c94aaa7ae0e1a45da0f7ca4e046ea045276ad6455e6f4962d9ca1
          • Instruction Fuzzy Hash: C63106327196019DE74E7B788EBAFBF6E6DEB91340F94463CE003C60D7D92889048155
          Uniqueness

          Uniqueness Score: -1.00%

          APIs
          • RegOpenKeyExA.KERNELBASE(00000000,?,?,?,?,?,?,00A908FB,00A9089F), ref: 00A91A4B
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.1368575368.0000000000A90000.00000040.00000001.sdmp, Offset: 00A90000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_a90000_Locky.jbxd
          Similarity
          • API ID: Open
          • String ID: `F5@
          • API String ID: 71445658-3130546763
          • Opcode ID: 5a28c3f1897c94aaa7ae0e1a45da0f7ca4e046ea045276ad6455e6f4962d9ca1
          • Instruction ID: 37b6d5be152f9d8077f6000e3a92d090c9f6751f1db04d238178fc1b4a0c0528
          • Opcode Fuzzy Hash: 5a28c3f1897c94aaa7ae0e1a45da0f7ca4e046ea045276ad6455e6f4962d9ca1
          • Instruction Fuzzy Hash: A0310432719612AEEF4E7B788EAAF3E79E5DB91380F54463CE403C6496D9288D008155
          Uniqueness

          Uniqueness Score: -1.00%

          APIs
          • RegOpenKeyExA.KERNELBASE(00000000,?,?,?,?,?,?,008B08FB,008B089F), ref: 008B1A4B
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.1367975725.00000000008B0000.00000040.00000001.sdmp, Offset: 008B0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_8b0000_Locky.jbxd
          Similarity
          • API ID: Open
          • String ID: `F5@
          • API String ID: 71445658-3130546763
          • Opcode ID: 5a28c3f1897c94aaa7ae0e1a45da0f7ca4e046ea045276ad6455e6f4962d9ca1
          • Instruction ID: b041a6917d3c84ed2f007026484895930ec44994cd9dde73bbd0b28f09586ecf
          • Opcode Fuzzy Hash: 5a28c3f1897c94aaa7ae0e1a45da0f7ca4e046ea045276ad6455e6f4962d9ca1
          • Instruction Fuzzy Hash: 38313622B186159EEB4E7B7C8DBEBBE7D45FB90304F94163CF003D92E7D92889008506
          Uniqueness

          Uniqueness Score: -1.00%

          APIs
          • RegOpenKeyExA.KERNELBASE(00000000,?,?,?,?,?,?,00A808FB,00A8089F), ref: 00A81A4B
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.1368563716.0000000000A80000.00000040.00000001.sdmp, Offset: 00A80000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_a80000_Locky.jbxd
          Similarity
          • API ID: Open
          • String ID: `F5@
          • API String ID: 71445658-3130546763
          • Opcode ID: 5a28c3f1897c94aaa7ae0e1a45da0f7ca4e046ea045276ad6455e6f4962d9ca1
          • Instruction ID: 5f32f47cbe5efb36a26fada584ce15517d3bcedc0b2da3373fc82b20568fadbc
          • Opcode Fuzzy Hash: 5a28c3f1897c94aaa7ae0e1a45da0f7ca4e046ea045276ad6455e6f4962d9ca1
          • Instruction Fuzzy Hash: AB312672B196019EEB8E7F78CEBAF3EB969DB90340F54463CF003C6097D92889098355
          Uniqueness

          Uniqueness Score: -1.00%

          APIs
          • RegOpenKeyExA.KERNELBASE(00000000,?,?,?,?,?,?,00AA08FB,00AA089F), ref: 00AA1A4B
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.1368588718.0000000000AA0000.00000040.00000001.sdmp, Offset: 00AA0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_aa0000_Locky.jbxd
          Similarity
          • API ID: Open
          • String ID: `F5@
          • API String ID: 71445658-3130546763
          • Opcode ID: 5a28c3f1897c94aaa7ae0e1a45da0f7ca4e046ea045276ad6455e6f4962d9ca1
          • Instruction ID: f5bd7515615718559f79891434e75adc9048c393e5716e5194e8fda3ea77c767
          • Opcode Fuzzy Hash: 5a28c3f1897c94aaa7ae0e1a45da0f7ca4e046ea045276ad6455e6f4962d9ca1
          • Instruction Fuzzy Hash: 41310432719611BEEB8E7B78CEAAF3EA965DB97340F545A3CE003C70D6DB2889048155
          Uniqueness

          Uniqueness Score: -1.00%

          APIs
          • RegOpenKeyExA.KERNELBASE(00000000,?,?,?,?,?,?,001E08FB,001E089F), ref: 001E1A4B
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.1367482440.00000000001E0000.00000040.00000001.sdmp, Offset: 001E0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1e0000_Locky.jbxd
          Similarity
          • API ID: Open
          • String ID: `F5@
          • API String ID: 71445658-3130546763
          • Opcode ID: 5a28c3f1897c94aaa7ae0e1a45da0f7ca4e046ea045276ad6455e6f4962d9ca1
          • Instruction ID: 1687863180bfd876e02c73a73404e4de3d72df3f5a518f2325ce2ad745d6cc3a
          • Opcode Fuzzy Hash: 5a28c3f1897c94aaa7ae0e1a45da0f7ca4e046ea045276ad6455e6f4962d9ca1
          • Instruction Fuzzy Hash: 11312531718EC1ADE74F7BBA8DA6B3D6955DBE8300F520A7CF003C6097DB788A804255
          Uniqueness

          Uniqueness Score: -1.00%

          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.1367451189.00000000001C0000.00000040.00000001.sdmp, Offset: 001C0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1c0000_Locky.jbxd
          Similarity
          • API ID: Open
          • String ID: `F5@
          • API String ID: 71445658-3130546763
          • Opcode ID: 25a23600f0af06af078c91a2e89f3ed15973cd6a86888d95f4867ad8d4bb545d
          • Instruction ID: 3e6e4a9a2b47171fa9c79f5997c7141f9be39bebfd4e6f4b9e7f8e64bbb49bec
          • Opcode Fuzzy Hash: 25a23600f0af06af078c91a2e89f3ed15973cd6a86888d95f4867ad8d4bb545d
          • Instruction Fuzzy Hash: A6213161A59650BDE70F7BB88D7AF3E7905EBBA700F411A7CF003860A7DB28C614814A
          Uniqueness

          Uniqueness Score: -1.00%

          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.1367495852.00000000001F0000.00000040.00000001.sdmp, Offset: 001F0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1f0000_Locky.jbxd
          Similarity
          • API ID: Open
          • String ID: `F5@
          • API String ID: 71445658-3130546763
          • Opcode ID: 25a23600f0af06af078c91a2e89f3ed15973cd6a86888d95f4867ad8d4bb545d
          • Instruction ID: c60a3ee9c41135934c8410b7e7df3fc2afc0646fb1d064f8ce83d13c49ef8ece
          • Opcode Fuzzy Hash: 25a23600f0af06af078c91a2e89f3ed15973cd6a86888d95f4867ad8d4bb545d
          • Instruction Fuzzy Hash: AA217651618A48FDE70FBBB8CE7AF3D7940EBA4300F451A3CF20386097DB6586044246
          Uniqueness

          Uniqueness Score: -1.00%

          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.1367467557.00000000001D0000.00000040.00000001.sdmp, Offset: 001D0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1d0000_Locky.jbxd
          Similarity
          • API ID: Open
          • String ID: `F5@
          • API String ID: 71445658-3130546763
          • Opcode ID: 25a23600f0af06af078c91a2e89f3ed15973cd6a86888d95f4867ad8d4bb545d
          • Instruction ID: a1fc56ff3a13b6e652bf120f5c4b3cb7e02f1bbeb33144573d6e58e91f2f1b5b
          • Opcode Fuzzy Hash: 25a23600f0af06af078c91a2e89f3ed15973cd6a86888d95f4867ad8d4bb545d
          • Instruction Fuzzy Hash: EB214652729A50BDE70F7BB8CD7AB3D7915EBA9300F451A3FF003862A7DB2886048146
          Uniqueness

          Uniqueness Score: -1.00%

          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.1368551562.0000000000A70000.00000040.00000001.sdmp, Offset: 00A70000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_a70000_Locky.jbxd
          Similarity
          • API ID: Open
          • String ID: `F5@
          • API String ID: 71445658-3130546763
          • Opcode ID: 25a23600f0af06af078c91a2e89f3ed15973cd6a86888d95f4867ad8d4bb545d
          • Instruction ID: cfd6f2348707324b865f982e2daf60784480a5b43d0f44fb3e1296f0ae98e70e
          • Opcode Fuzzy Hash: 25a23600f0af06af078c91a2e89f3ed15973cd6a86888d95f4867ad8d4bb545d
          • Instruction Fuzzy Hash: 27213462B19611ADEB5E7B7C8EBAF3E79A5EB91380F40DA3CF00B890D7D96486044146
          Uniqueness

          Uniqueness Score: -1.00%

          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.1368575368.0000000000A90000.00000040.00000001.sdmp, Offset: 00A90000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_a90000_Locky.jbxd
          Similarity
          • API ID: Open
          • String ID: `F5@
          • API String ID: 71445658-3130546763
          • Opcode ID: 25a23600f0af06af078c91a2e89f3ed15973cd6a86888d95f4867ad8d4bb545d
          • Instruction ID: 993fdbd0b7307c03333053e222fa13012f4a1b22ee1534b53af8102287559213
          • Opcode Fuzzy Hash: 25a23600f0af06af078c91a2e89f3ed15973cd6a86888d95f4867ad8d4bb545d
          • Instruction Fuzzy Hash: EA210462719612ADEF4E7B788EBAF3E79E5EB91380F441A3CF403894A7D9248A045146
          Uniqueness

          Uniqueness Score: -1.00%

          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.1367975725.00000000008B0000.00000040.00000001.sdmp, Offset: 008B0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_8b0000_Locky.jbxd
          Similarity
          • API ID: Open
          • String ID: `F5@
          • API String ID: 71445658-3130546763
          • Opcode ID: 25a23600f0af06af078c91a2e89f3ed15973cd6a86888d95f4867ad8d4bb545d
          • Instruction ID: bc8d42eba96263b789108442043e6f68093e13cdc5cee3b526834013597f149d
          • Opcode Fuzzy Hash: 25a23600f0af06af078c91a2e89f3ed15973cd6a86888d95f4867ad8d4bb545d
          • Instruction Fuzzy Hash: C1215612A18A24ADEB0E7B7C8D7EBBE7D04FB90304F84263CF003C92A7D92886044146
          Uniqueness

          Uniqueness Score: -1.00%

          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.1368563716.0000000000A80000.00000040.00000001.sdmp, Offset: 00A80000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_a80000_Locky.jbxd
          Similarity
          • API ID: Open
          • String ID: `F5@
          • API String ID: 71445658-3130546763
          • Opcode ID: 25a23600f0af06af078c91a2e89f3ed15973cd6a86888d95f4867ad8d4bb545d
          • Instruction ID: f740e1f28090f9bf25911606960f4ef6c4bdf6938d2a0fe92cb6686d580128c3
          • Opcode Fuzzy Hash: 25a23600f0af06af078c91a2e89f3ed15973cd6a86888d95f4867ad8d4bb545d
          • Instruction Fuzzy Hash: 24215A72A19610ADE78E7B78CEBBF3EBD29EB91340F40163CF00385097D92486194385
          Uniqueness

          Uniqueness Score: -1.00%

          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.1368588718.0000000000AA0000.00000040.00000001.sdmp, Offset: 00AA0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_aa0000_Locky.jbxd
          Similarity
          • API ID: Open
          • String ID: `F5@
          • API String ID: 71445658-3130546763
          • Opcode ID: 25a23600f0af06af078c91a2e89f3ed15973cd6a86888d95f4867ad8d4bb545d
          • Instruction ID: e09d7aa60b69bbdc599d5ac9dea71184846420b459b542474c47983289ef46c5
          • Opcode Fuzzy Hash: 25a23600f0af06af078c91a2e89f3ed15973cd6a86888d95f4867ad8d4bb545d
          • Instruction Fuzzy Hash: 3921F272629610BDEB4E7B78CEBAF3EB925EB93340F441A3CE003870D7DB2586048156
          Uniqueness

          Uniqueness Score: -1.00%

          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.1367482440.00000000001E0000.00000040.00000001.sdmp, Offset: 001E0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1e0000_Locky.jbxd
          Similarity
          • API ID: Open
          • String ID: `F5@
          • API String ID: 71445658-3130546763
          • Opcode ID: 25a23600f0af06af078c91a2e89f3ed15973cd6a86888d95f4867ad8d4bb545d
          • Instruction ID: df0596d625599030826cd462ad73a1edc20d9940079de8b54fed97accf1d00ef
          • Opcode Fuzzy Hash: 25a23600f0af06af078c91a2e89f3ed15973cd6a86888d95f4867ad8d4bb545d
          • Instruction Fuzzy Hash: 1F210161619ED0BDE70F7BBA8D7AB3DB905EBE9300F511A3CF00386097DBB486844256
          Uniqueness

          Uniqueness Score: -1.00%

          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.1367451189.00000000001C0000.00000040.00000001.sdmp, Offset: 001C0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1c0000_Locky.jbxd
          Similarity
          • API ID: Open
          • String ID: `F5@
          • API String ID: 71445658-3130546763
          • Opcode ID: 3f283d17a041741765558cc6f6ab350c10c2a9ed579b205a3d970f4492f11d0a
          • Instruction ID: d3299b5638eac31d1c780b0e3f8329143ea04ce0c3055ab311972e72b61302f9
          • Opcode Fuzzy Hash: 3f283d17a041741765558cc6f6ab350c10c2a9ed579b205a3d970f4492f11d0a
          • Instruction Fuzzy Hash: 18312512A58605BDE74F3BB8CE6BF3D7D45ABBA300F01567CB103954EBCB28C6484146
          Uniqueness

          Uniqueness Score: -1.00%

          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.1367495852.00000000001F0000.00000040.00000001.sdmp, Offset: 001F0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1f0000_Locky.jbxd
          Similarity
          • API ID: Open
          • String ID: `F5@
          • API String ID: 71445658-3130546763
          • Opcode ID: 3f283d17a041741765558cc6f6ab350c10c2a9ed579b205a3d970f4492f11d0a
          • Instruction ID: d6b43a4f4e99cbf31854b71509475560fdf5f920580387982525831d69edefa6
          • Opcode Fuzzy Hash: 3f283d17a041741765558cc6f6ab350c10c2a9ed579b205a3d970f4492f11d0a
          • Instruction Fuzzy Hash: 00313352A1460CBDE70F7BB8CE67B3D7D459BA9340F01567CB307850EBCB2886484242
          Uniqueness

          Uniqueness Score: -1.00%

          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.1367467557.00000000001D0000.00000040.00000001.sdmp, Offset: 001D0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1d0000_Locky.jbxd
          Similarity
          • API ID: Open
          • String ID: `F5@
          • API String ID: 71445658-3130546763
          • Opcode ID: 3f283d17a041741765558cc6f6ab350c10c2a9ed579b205a3d970f4492f11d0a
          • Instruction ID: 761b12557f838a064f087295ceef274a490825a097cfb8bca6c7229d369f2778
          • Opcode Fuzzy Hash: 3f283d17a041741765558cc6f6ab350c10c2a9ed579b205a3d970f4492f11d0a
          • Instruction Fuzzy Hash: 22314552B28605BDE70FBBB8CE67B3D7D46DBA9300F01567FB103852E7CB2886485142
          Uniqueness

          Uniqueness Score: -1.00%

          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.1368551562.0000000000A70000.00000040.00000001.sdmp, Offset: 00A70000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_a70000_Locky.jbxd
          Similarity
          • API ID: Open
          • String ID: `F5@
          • API String ID: 71445658-3130546763
          • Opcode ID: 3f283d17a041741765558cc6f6ab350c10c2a9ed579b205a3d970f4492f11d0a
          • Instruction ID: 2d09a139bcb55f1417260ffb3c1c788b3a377c020850cbabac8d6dedb120f269
          • Opcode Fuzzy Hash: 3f283d17a041741765558cc6f6ab350c10c2a9ed579b205a3d970f4492f11d0a
          • Instruction Fuzzy Hash: DC312522B14605ADE75E3BBCCE67F3E7DA59B81300F00D63DB10B954E7C96886484147
          Uniqueness

          Uniqueness Score: -1.00%

          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.1368575368.0000000000A90000.00000040.00000001.sdmp, Offset: 00A90000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_a90000_Locky.jbxd
          Similarity
          • API ID: Open
          • String ID: `F5@
          • API String ID: 71445658-3130546763
          • Opcode ID: 3f283d17a041741765558cc6f6ab350c10c2a9ed579b205a3d970f4492f11d0a
          • Instruction ID: 177be68de174c4dbb7a8dba1040317b0802c39df878bc3be97cc8aedfe4ecccd
          • Opcode Fuzzy Hash: 3f283d17a041741765558cc6f6ab350c10c2a9ed579b205a3d970f4492f11d0a
          • Instruction Fuzzy Hash: 37312562B186066DFF4E3BB8CF6BF3E7DD59B85340F00963CA003954E7C92886486142
          Uniqueness

          Uniqueness Score: -1.00%

          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.1367975725.00000000008B0000.00000040.00000001.sdmp, Offset: 008B0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_8b0000_Locky.jbxd
          Similarity
          • API ID: Open
          • String ID: `F5@
          • API String ID: 71445658-3130546763
          • Opcode ID: 3f283d17a041741765558cc6f6ab350c10c2a9ed579b205a3d970f4492f11d0a
          • Instruction ID: aa7f6253c02a79417bb83adb8e7d871896a59fafb74bb8bad7d0405d94a0807b
          • Opcode Fuzzy Hash: 3f283d17a041741765558cc6f6ab350c10c2a9ed579b205a3d970f4492f11d0a
          • Instruction Fuzzy Hash: E5312412A186099DEB4E3B7C8D7FBBE7D45FB81304F80563CB002C96EBC92845485547
          Uniqueness

          Uniqueness Score: -1.00%

          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.1368563716.0000000000A80000.00000040.00000001.sdmp, Offset: 00A80000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_a80000_Locky.jbxd
          Similarity
          • API ID: Open
          • String ID: `F5@
          • API String ID: 71445658-3130546763
          • Opcode ID: 3f283d17a041741765558cc6f6ab350c10c2a9ed579b205a3d970f4492f11d0a
          • Instruction ID: e22dfd513cf9b8081ce8a0bb50d4db42df3699256718525469d90af73f30acf3
          • Opcode Fuzzy Hash: 3f283d17a041741765558cc6f6ab350c10c2a9ed579b205a3d970f4492f11d0a
          • Instruction Fuzzy Hash: 05314862B146056DF78E3BB8CF67F3E7D69EB81300F00563CB003954EBC92886494382
          Uniqueness

          Uniqueness Score: -1.00%

          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.1368588718.0000000000AA0000.00000040.00000001.sdmp, Offset: 00AA0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_aa0000_Locky.jbxd
          Similarity
          • API ID: Open
          • String ID: `F5@
          • API String ID: 71445658-3130546763
          • Opcode ID: 3f283d17a041741765558cc6f6ab350c10c2a9ed579b205a3d970f4492f11d0a
          • Instruction ID: 161570876bb4c7bc53064c5cbbaabd72c2e5aefee18465c20496814b2a7353be
          • Opcode Fuzzy Hash: 3f283d17a041741765558cc6f6ab350c10c2a9ed579b205a3d970f4492f11d0a
          • Instruction Fuzzy Hash: C4312522B186057DE74E3BB8CE67F3E7D559B8B300F00563CA013974EBCB2D86484142
          Uniqueness

          Uniqueness Score: -1.00%

          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.1367482440.00000000001E0000.00000040.00000001.sdmp, Offset: 001E0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1e0000_Locky.jbxd
          Similarity
          • API ID: Open
          • String ID: `F5@
          • API String ID: 71445658-3130546763
          • Opcode ID: 3f283d17a041741765558cc6f6ab350c10c2a9ed579b205a3d970f4492f11d0a
          • Instruction ID: e108c51ff5f0e945464035e47e9d595c3ecf3d09b1d9be3cdbdfb29c7315ee8f
          • Opcode Fuzzy Hash: 3f283d17a041741765558cc6f6ab350c10c2a9ed579b205a3d970f4492f11d0a
          • Instruction Fuzzy Hash: D1312421A14E846DE70F3BBA8D66F3D7D45EB99700F11567CF103850A6CB7846884252
          Uniqueness

          Uniqueness Score: -1.00%

          APIs
          • RegOpenKeyExA.KERNELBASE(00000000,?,?,?,?,?,?,001C08FB,001C089F), ref: 001C1A4B
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.1367451189.00000000001C0000.00000040.00000001.sdmp, Offset: 001C0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1c0000_Locky.jbxd
          Similarity
          • API ID: Open
          • String ID: `F5@
          • API String ID: 71445658-3130546763
          • Opcode ID: dd756afe808d7ac646dd73aa42acc02acb9d6addcb81de2c5ece3200d3916780
          • Instruction ID: 6339ad55620e124332878e03f9547afb864459c4798eb29fe60f9bfd49d6a987
          • Opcode Fuzzy Hash: dd756afe808d7ac646dd73aa42acc02acb9d6addcb81de2c5ece3200d3916780
          • Instruction Fuzzy Hash: CD213461A59641BDE70F7BB8CD7AF3D7905EBBA700F411A7CF003860A7DB28C6144149
          Uniqueness

          Uniqueness Score: -1.00%

          APIs
          • RegOpenKeyExA.KERNELBASE(00000000,?,?,?,?,?,?,001F08FB,001F089F), ref: 001F1A4B
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.1367495852.00000000001F0000.00000040.00000001.sdmp, Offset: 001F0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1f0000_Locky.jbxd
          Similarity
          • API ID: Open
          • String ID: `F5@
          • API String ID: 71445658-3130546763
          • Opcode ID: dd756afe808d7ac646dd73aa42acc02acb9d6addcb81de2c5ece3200d3916780
          • Instruction ID: d3a2e21911be14dbcee40c18c5d6e6fc64953f2d08178fadf1b66fd0fc10e58a
          • Opcode Fuzzy Hash: dd756afe808d7ac646dd73aa42acc02acb9d6addcb81de2c5ece3200d3916780
          • Instruction Fuzzy Hash: 7F213461A19649FDE70FBBB8CE7AF3D7945EBA4700F051A3CB202860A7DB6586044245
          Uniqueness

          Uniqueness Score: -1.00%

          APIs
          • RegOpenKeyExA.KERNELBASE(00000000,?,?,?,?,?,?,001D08FB,001D089F), ref: 001D1A4B
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.1367467557.00000000001D0000.00000040.00000001.sdmp, Offset: 001D0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1d0000_Locky.jbxd
          Similarity
          • API ID: Open
          • String ID: `F5@
          • API String ID: 71445658-3130546763
          • Opcode ID: dd756afe808d7ac646dd73aa42acc02acb9d6addcb81de2c5ece3200d3916780
          • Instruction ID: 4f602e21a67f2ded0bc578213e194798f753d2ea9a5a395f778cd0a68d832249
          • Opcode Fuzzy Hash: dd756afe808d7ac646dd73aa42acc02acb9d6addcb81de2c5ece3200d3916780
          • Instruction Fuzzy Hash: 17213452B29A51BDE70F7BB8CE7AB3D7915DBA9700F411A3FF002862A7DB2886044145
          Uniqueness

          Uniqueness Score: -1.00%

          APIs
          • RegOpenKeyExA.KERNELBASE(00000000,?,?,?,?,?,?,00A708FB,00A7089F), ref: 00A71A4B
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.1368551562.0000000000A70000.00000040.00000001.sdmp, Offset: 00A70000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_a70000_Locky.jbxd
          Similarity
          • API ID: Open
          • String ID: `F5@
          • API String ID: 71445658-3130546763
          • Opcode ID: dd756afe808d7ac646dd73aa42acc02acb9d6addcb81de2c5ece3200d3916780
          • Instruction ID: 62df57a141addc9366343be67daa16c80768f88fa97c631f659748902377bfca
          • Opcode Fuzzy Hash: dd756afe808d7ac646dd73aa42acc02acb9d6addcb81de2c5ece3200d3916780
          • Instruction Fuzzy Hash: D1213462B19601ADEB5E7B7CCE7AF3E7995DB91780F40D63CF00A8A0E7D96486044185
          Uniqueness

          Uniqueness Score: -1.00%

          APIs
          • RegOpenKeyExA.KERNELBASE(00000000,?,?,?,?,?,?,00A908FB,00A9089F), ref: 00A91A4B
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.1368575368.0000000000A90000.00000040.00000001.sdmp, Offset: 00A90000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_a90000_Locky.jbxd
          Similarity
          • API ID: Open
          • String ID: `F5@
          • API String ID: 71445658-3130546763
          • Opcode ID: dd756afe808d7ac646dd73aa42acc02acb9d6addcb81de2c5ece3200d3916780
          • Instruction ID: 26cbecc2e3213603e1082a30ee7cfb0fca89dc3b97d22dceda55a4fcdfef89e2
          • Opcode Fuzzy Hash: dd756afe808d7ac646dd73aa42acc02acb9d6addcb81de2c5ece3200d3916780
          • Instruction Fuzzy Hash: B1213462B19612ADFF4E7B78CE7AF3E7995DB91780F40163CE0038A4A7D9248A044185
          Uniqueness

          Uniqueness Score: -1.00%

          APIs
          • RegOpenKeyExA.KERNELBASE(00000000,?,?,?,?,?,?,008B08FB,008B089F), ref: 008B1A4B
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.1367975725.00000000008B0000.00000040.00000001.sdmp, Offset: 008B0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_8b0000_Locky.jbxd
          Similarity
          • API ID: Open
          • String ID: `F5@
          • API String ID: 71445658-3130546763
          • Opcode ID: dd756afe808d7ac646dd73aa42acc02acb9d6addcb81de2c5ece3200d3916780
          • Instruction ID: 0e5c5772a097f276ba291c9f6174e0e054440fd0ea79885bebc66a48822f9a94
          • Opcode Fuzzy Hash: dd756afe808d7ac646dd73aa42acc02acb9d6addcb81de2c5ece3200d3916780
          • Instruction Fuzzy Hash: 72215652B19625ADEB0E7B7CCD7EBBE7D04FB80704F94263CF002CA2E7DA2886044546
          Uniqueness

          Uniqueness Score: -1.00%

          APIs
          • RegOpenKeyExA.KERNELBASE(00000000,?,?,?,?,?,?,00A808FB,00A8089F), ref: 00A81A4B
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.1368563716.0000000000A80000.00000040.00000001.sdmp, Offset: 00A80000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_a80000_Locky.jbxd
          Similarity
          • API ID: Open
          • String ID: `F5@
          • API String ID: 71445658-3130546763
          • Opcode ID: dd756afe808d7ac646dd73aa42acc02acb9d6addcb81de2c5ece3200d3916780
          • Instruction ID: d7ff47f9bd36f39220886d6d66ce8dfb3749de90ecab78a9babce7d2f59d89c4
          • Opcode Fuzzy Hash: dd756afe808d7ac646dd73aa42acc02acb9d6addcb81de2c5ece3200d3916780
          • Instruction Fuzzy Hash: A1215A72B15601ADFB8E7B78CE7AF3EBD29DB90740F40163CF00386097D92486194385
          Uniqueness

          Uniqueness Score: -1.00%

          APIs
          • RegOpenKeyExA.KERNELBASE(00000000,?,?,?,?,?,?,00AA08FB,00AA089F), ref: 00AA1A4B
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.1368588718.0000000000AA0000.00000040.00000001.sdmp, Offset: 00AA0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_aa0000_Locky.jbxd
          Similarity
          • API ID: Open
          • String ID: `F5@
          • API String ID: 71445658-3130546763
          • Opcode ID: dd756afe808d7ac646dd73aa42acc02acb9d6addcb81de2c5ece3200d3916780
          • Instruction ID: af2016bee2fb877a6b192f26ccd2b2811e8c127f0ad19b05baf6909d778fe04b
          • Opcode Fuzzy Hash: dd756afe808d7ac646dd73aa42acc02acb9d6addcb81de2c5ece3200d3916780
          • Instruction Fuzzy Hash: CE212272A19651ADEB4E7B78CE6AF3EB915DB92740F441A3CE0028B0E7DB2586084185
          Uniqueness

          Uniqueness Score: -1.00%

          APIs
          • RegOpenKeyExA.KERNELBASE(00000000,?,?,?,?,?,?,001E08FB,001E089F), ref: 001E1A4B
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.1367482440.00000000001E0000.00000040.00000001.sdmp, Offset: 001E0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1e0000_Locky.jbxd
          Similarity
          • API ID: Open
          • String ID: `F5@
          • API String ID: 71445658-3130546763
          • Opcode ID: dd756afe808d7ac646dd73aa42acc02acb9d6addcb81de2c5ece3200d3916780
          • Instruction ID: ab896d08680b37f6b9555ddd81d3a7b2df7277eb2b8b8806e0b967b28c1b8006
          • Opcode Fuzzy Hash: dd756afe808d7ac646dd73aa42acc02acb9d6addcb81de2c5ece3200d3916780
          • Instruction Fuzzy Hash: 8B212561615EC1ADE70F7BBACD6AB3D7905EBE8700F111A3CF00386097DB7486844155
          Uniqueness

          Uniqueness Score: -1.00%

          APIs
          • RegOpenKeyExA.KERNELBASE(00000000), ref: 001C184F
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.1367451189.00000000001C0000.00000040.00000001.sdmp, Offset: 001C0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1c0000_Locky.jbxd
          Similarity
          • API ID: Open
          • String ID: `F5@
          • API String ID: 71445658-3130546763
          • Opcode ID: 63a26dcbea33ada15891bf9d3a99a0e453058b40fb7954afac5a93faebf7241d
          • Instruction ID: e3d5be1f1780779cb68f6e40478a7df14cc01b44bb328620d93ffbd70100a033
          • Opcode Fuzzy Hash: 63a26dcbea33ada15891bf9d3a99a0e453058b40fb7954afac5a93faebf7241d
          • Instruction Fuzzy Hash: 1B112551A48205B8EB4F3BB8CD6AF3D6D559BBA300F11567CA103914EBCF69C5444142
          Uniqueness

          Uniqueness Score: -1.00%

          APIs
          • RegOpenKeyExA.KERNELBASE(00000000), ref: 001F184F
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.1367495852.00000000001F0000.00000040.00000001.sdmp, Offset: 001F0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1f0000_Locky.jbxd
          Similarity
          • API ID: Open
          • String ID: `F5@
          • API String ID: 71445658-3130546763
          • Opcode ID: 63a26dcbea33ada15891bf9d3a99a0e453058b40fb7954afac5a93faebf7241d
          • Instruction ID: e798ebf5b9906e0a26b895ebd7d896a77769633dd6708056e1a3acbccaabb0bd
          • Opcode Fuzzy Hash: 63a26dcbea33ada15891bf9d3a99a0e453058b40fb7954afac5a93faebf7241d
          • Instruction Fuzzy Hash: 0D114452B0420DB8FB4F3BB8CF6AB3D6D95DB99340F11527CA307914EBCF6646440242
          Uniqueness

          Uniqueness Score: -1.00%

          APIs
          • RegOpenKeyExA.KERNELBASE(00000000), ref: 001D184F
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.1367467557.00000000001D0000.00000040.00000001.sdmp, Offset: 001D0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1d0000_Locky.jbxd
          Similarity
          • API ID: Open
          • String ID: `F5@
          • API String ID: 71445658-3130546763
          • Opcode ID: 63a26dcbea33ada15891bf9d3a99a0e453058b40fb7954afac5a93faebf7241d
          • Instruction ID: 0da4b2fcedd8a047629c80c6d7b9bea43b13bae47bbb78eaf66c4c6c09b29cb7
          • Opcode Fuzzy Hash: 63a26dcbea33ada15891bf9d3a99a0e453058b40fb7954afac5a93faebf7241d
          • Instruction Fuzzy Hash: 31118452B1420578FB0FBBB8CE6AB3D6E46DB98300F01527FF003916EACF2A46446202
          Uniqueness

          Uniqueness Score: -1.00%

          APIs
          • RegOpenKeyExA.KERNELBASE(00000000), ref: 00A7184F
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.1368551562.0000000000A70000.00000040.00000001.sdmp, Offset: 00A70000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_a70000_Locky.jbxd
          Similarity
          • API ID: Open
          • String ID: `F5@
          • API String ID: 71445658-3130546763
          • Opcode ID: 63a26dcbea33ada15891bf9d3a99a0e453058b40fb7954afac5a93faebf7241d
          • Instruction ID: ebceb893587c948433872b6b68a56bdc0c96a8b5781719fd384a44b7e484e36f
          • Opcode Fuzzy Hash: 63a26dcbea33ada15891bf9d3a99a0e453058b40fb7954afac5a93faebf7241d
          • Instruction Fuzzy Hash: 54112162B14205ACEB4A3BBCCEAAF3D6DA59B81300F10D27DE00A954EACDA645480243
          Uniqueness

          Uniqueness Score: -1.00%

          APIs
          • RegOpenKeyExA.KERNELBASE(00000000), ref: 00AB184F
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.1368598650.0000000000AB0000.00000040.00000001.sdmp, Offset: 00AB0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_ab0000_Locky.jbxd
          Similarity
          • API ID: Open
          • String ID: `F5@
          • API String ID: 71445658-3130546763
          • Opcode ID: 63a26dcbea33ada15891bf9d3a99a0e453058b40fb7954afac5a93faebf7241d
          • Instruction ID: ee2e1fca20aa1d8a909d52d3a71fe6deeccc77b75c8a27cba100d303048f82fc
          • Opcode Fuzzy Hash: 63a26dcbea33ada15891bf9d3a99a0e453058b40fb7954afac5a93faebf7241d
          • Instruction Fuzzy Hash: 98114862B0420568FB4E3BF8CE7AFBE6E6EEB81300F90567CE002D14EBCE6645444242
          Uniqueness

          Uniqueness Score: -1.00%

          APIs
          • RegOpenKeyExA.KERNELBASE(00000000), ref: 00A9184F
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.1368575368.0000000000A90000.00000040.00000001.sdmp, Offset: 00A90000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_a90000_Locky.jbxd
          Similarity
          • API ID: Open
          • String ID: `F5@
          • API String ID: 71445658-3130546763
          • Opcode ID: 63a26dcbea33ada15891bf9d3a99a0e453058b40fb7954afac5a93faebf7241d
          • Instruction ID: 1b104f32d6fd10b5ddecb82100c1476b5abcd1d972016979e61f17c4f82857de
          • Opcode Fuzzy Hash: 63a26dcbea33ada15891bf9d3a99a0e453058b40fb7954afac5a93faebf7241d
          • Instruction Fuzzy Hash: 10112162B042066CFF4A3BBCCEAAF3D6DE59B85300F10927CA003954EADD6645442242
          Uniqueness

          Uniqueness Score: -1.00%

          APIs
          • RegOpenKeyExA.KERNELBASE(00000000), ref: 008B184F
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.1367975725.00000000008B0000.00000040.00000001.sdmp, Offset: 008B0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_8b0000_Locky.jbxd
          Similarity
          • API ID: Open
          • String ID: `F5@
          • API String ID: 71445658-3130546763
          • Opcode ID: 63a26dcbea33ada15891bf9d3a99a0e453058b40fb7954afac5a93faebf7241d
          • Instruction ID: 9e61a7b9c4864192e2ea875bc14e7c8369c98a6b95fa58223e4c337290df904a
          • Opcode Fuzzy Hash: 63a26dcbea33ada15891bf9d3a99a0e453058b40fb7954afac5a93faebf7241d
          • Instruction Fuzzy Hash: FA114852B1460A68FF0E3BBCCDBEBBE6D56FB81304F90563CB002D96EACE6A45444503
          Uniqueness

          Uniqueness Score: -1.00%

          APIs
          • RegOpenKeyExA.KERNELBASE(00000000), ref: 00A8184F
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.1368563716.0000000000A80000.00000040.00000001.sdmp, Offset: 00A80000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_a80000_Locky.jbxd
          Similarity
          • API ID: Open
          • String ID: `F5@
          • API String ID: 71445658-3130546763
          • Opcode ID: 63a26dcbea33ada15891bf9d3a99a0e453058b40fb7954afac5a93faebf7241d
          • Instruction ID: 6b391e0cef77a6d19d0bfd4dfbed7f03db8f8a8146929b79426e5b754f6f84e4
          • Opcode Fuzzy Hash: 63a26dcbea33ada15891bf9d3a99a0e453058b40fb7954afac5a93faebf7241d
          • Instruction Fuzzy Hash: 33114462B0460569FB8E3BB8CEABF3D6D69EB81300F10527CE002D14EACD66454A0342
          Uniqueness

          Uniqueness Score: -1.00%

          APIs
          • RegOpenKeyExA.KERNELBASE(00000000), ref: 00AA184F
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.1368588718.0000000000AA0000.00000040.00000001.sdmp, Offset: 00AA0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_aa0000_Locky.jbxd
          Similarity
          • API ID: Open
          • String ID: `F5@
          • API String ID: 71445658-3130546763
          • Opcode ID: 63a26dcbea33ada15891bf9d3a99a0e453058b40fb7954afac5a93faebf7241d
          • Instruction ID: c0cb7bcba35444557b2ac9ca173fafb076bcfb2d17b7e4f569d64cd1f1fd8078
          • Opcode Fuzzy Hash: 63a26dcbea33ada15891bf9d3a99a0e453058b40fb7954afac5a93faebf7241d
          • Instruction Fuzzy Hash: 80110462B1420579FB4E3BBCCEAAF3E6D65DB8B300F10527CE002974EADF6A45484242
          Uniqueness

          Uniqueness Score: -1.00%

          APIs
          • RegOpenKeyExA.KERNELBASE(00000000), ref: 001E184F
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.1367482440.00000000001E0000.00000040.00000001.sdmp, Offset: 001E0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1e0000_Locky.jbxd
          Similarity
          • API ID: Open
          • String ID: `F5@
          • API String ID: 71445658-3130546763
          • Opcode ID: 63a26dcbea33ada15891bf9d3a99a0e453058b40fb7954afac5a93faebf7241d
          • Instruction ID: ce4cbb66cc4169bfa67362c0037cb217aa4feb15fee7df60aa0792d20920c6b3
          • Opcode Fuzzy Hash: 63a26dcbea33ada15891bf9d3a99a0e453058b40fb7954afac5a93faebf7241d
          • Instruction Fuzzy Hash: 91112561A04A8578FB4F3BBACD6AF3D6D55EB99300F11527CE102914EACFB545840242
          Uniqueness

          Uniqueness Score: -1.00%

          APIs
          • RegOpenKeyExA.KERNELBASE(00000000,?,?,?,?,?,?,001C08FB,001C089F), ref: 001C1A4B
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.1367451189.00000000001C0000.00000040.00000001.sdmp, Offset: 001C0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1c0000_Locky.jbxd
          Similarity
          • API ID: Open
          • String ID: `F5@
          • API String ID: 71445658-3130546763
          • Opcode ID: f586d1335e289a49d221aa1b12f8457d4041d264893aecdd9dde2bad499da65a
          • Instruction ID: e9981d932dd9a7e162d87ad7e99b686516f0e3ecd455fc2e264fa59ff56312f8
          • Opcode Fuzzy Hash: f586d1335e289a49d221aa1b12f8457d4041d264893aecdd9dde2bad499da65a
          • Instruction Fuzzy Hash: 46112661A55651B9EB0F7BB8CDAAF3E6D15DBB6300F55167CF003820D7DF29CA104145
          Uniqueness

          Uniqueness Score: -1.00%

          APIs
          • RegOpenKeyExA.KERNELBASE(00000000,?,?,?,?,?,?,001F08FB,001F089F), ref: 001F1A4B
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.1367495852.00000000001F0000.00000040.00000001.sdmp, Offset: 001F0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1f0000_Locky.jbxd
          Similarity
          • API ID: Open
          • String ID: `F5@
          • API String ID: 71445658-3130546763
          • Opcode ID: f586d1335e289a49d221aa1b12f8457d4041d264893aecdd9dde2bad499da65a
          • Instruction ID: edb55a3feb87606a65ee318bd99af5d30a6cefb548c8e7c1d9782c8243f40529
          • Opcode Fuzzy Hash: f586d1335e289a49d221aa1b12f8457d4041d264893aecdd9dde2bad499da65a
          • Instruction Fuzzy Hash: 871166A1A04658F9EB0F7BB8CDAAF3E6D51DBA4300F45163CF202820D7EF268A004145
          Uniqueness

          Uniqueness Score: -1.00%

          APIs
          • RegOpenKeyExA.KERNELBASE(00000000,?,?,?,?,?,?,001D08FB,001D089F), ref: 001D1A4B
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.1367467557.00000000001D0000.00000040.00000001.sdmp, Offset: 001D0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1d0000_Locky.jbxd
          Similarity
          • API ID: Open
          • String ID: `F5@
          • API String ID: 71445658-3130546763
          • Opcode ID: f586d1335e289a49d221aa1b12f8457d4041d264893aecdd9dde2bad499da65a
          • Instruction ID: 4a5697a4bf1514b62a2b534e4ac90f9f269262e424510e50d35ef3123531a40a
          • Opcode Fuzzy Hash: f586d1335e289a49d221aa1b12f8457d4041d264893aecdd9dde2bad499da65a
          • Instruction Fuzzy Hash: 9E112B9271555179EB0F7BB8CDA9B3E6D15DB95300F55167FF002821D7DF3986004145
          Uniqueness

          Uniqueness Score: -1.00%

          APIs
          • RegOpenKeyExA.KERNELBASE(00000000,?,?,?,?,?,?,00A708FB,00A7089F), ref: 00A71A4B
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.1368551562.0000000000A70000.00000040.00000001.sdmp, Offset: 00A70000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_a70000_Locky.jbxd
          Similarity
          • API ID: Open
          • String ID: `F5@
          • API String ID: 71445658-3130546763
          • Opcode ID: f586d1335e289a49d221aa1b12f8457d4041d264893aecdd9dde2bad499da65a
          • Instruction ID: 78130495e9f2298f27461ea53838678fac64d6232ba37771ff75f594b27c2506
          • Opcode Fuzzy Hash: f586d1335e289a49d221aa1b12f8457d4041d264893aecdd9dde2bad499da65a
          • Instruction Fuzzy Hash: 97116661B05611ADEB0F7B7CCEBAF3E6DA5DB80380F80D23CF00A850D7DD658A004185
          Uniqueness

          Uniqueness Score: -1.00%

          APIs
          • RegOpenKeyExA.KERNELBASE(00000000,?,?,?,?,?,?,00AB08FB,00AB089F), ref: 00AB1A4B
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.1368598650.0000000000AB0000.00000040.00000001.sdmp, Offset: 00AB0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_ab0000_Locky.jbxd
          Similarity
          • API ID: Open
          • String ID: `F5@
          • API String ID: 71445658-3130546763
          • Opcode ID: f586d1335e289a49d221aa1b12f8457d4041d264893aecdd9dde2bad499da65a
          • Instruction ID: 208291a4555f3dc5fff6a29f22507e2c47fadeda54ccd40eff666c21ebced58b
          • Opcode Fuzzy Hash: f586d1335e289a49d221aa1b12f8457d4041d264893aecdd9dde2bad499da65a
          • Instruction Fuzzy Hash: 63112662A15611A9EB4E7B78CEBAFBF6E2DDB81340FD4163CE002D10D7DE268A004185
          Uniqueness

          Uniqueness Score: -1.00%

          APIs
          • RegOpenKeyExA.KERNELBASE(00000000,?,?,?,?,?,?,00A908FB,00A9089F), ref: 00A91A4B
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.1368575368.0000000000A90000.00000040.00000001.sdmp, Offset: 00A90000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_a90000_Locky.jbxd
          Similarity
          • API ID: Open
          • String ID: `F5@
          • API String ID: 71445658-3130546763
          • Opcode ID: f586d1335e289a49d221aa1b12f8457d4041d264893aecdd9dde2bad499da65a
          • Instruction ID: 8206bc338fc1be04ce429848bb80ec407b5c974a88b5b9024b361578f27d4679
          • Opcode Fuzzy Hash: f586d1335e289a49d221aa1b12f8457d4041d264893aecdd9dde2bad499da65a
          • Instruction Fuzzy Hash: 41112662B156126DEF4F7B78CEAAF3E6DE5DF90380F94163CE40385497ED258E004185
          Uniqueness

          Uniqueness Score: -1.00%

          APIs
          • RegOpenKeyExA.KERNELBASE(00000000,?,?,?,?,?,?,008B08FB,008B089F), ref: 008B1A4B
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.1367975725.00000000008B0000.00000040.00000001.sdmp, Offset: 008B0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_8b0000_Locky.jbxd
          Similarity
          • API ID: Open
          • String ID: `F5@
          • API String ID: 71445658-3130546763
          • Opcode ID: f586d1335e289a49d221aa1b12f8457d4041d264893aecdd9dde2bad499da65a
          • Instruction ID: 7115d9f164c5974467878d283c78058e57eebbc58818b98f46ffdc2717d1f248
          • Opcode Fuzzy Hash: f586d1335e289a49d221aa1b12f8457d4041d264893aecdd9dde2bad499da65a
          • Instruction Fuzzy Hash: 13110852A15625A9EF0E7B7C8DBDBBE6D15FB80704F94262CF002D91D7D92946004546
          Uniqueness

          Uniqueness Score: -1.00%

          APIs
          • RegOpenKeyExA.KERNELBASE(00000000,?,?,?,?,?,?,00A808FB,00A8089F), ref: 00A81A4B
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.1368563716.0000000000A80000.00000040.00000001.sdmp, Offset: 00A80000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_a80000_Locky.jbxd
          Similarity
          • API ID: Open
          • String ID: `F5@
          • API String ID: 71445658-3130546763
          • Opcode ID: f586d1335e289a49d221aa1b12f8457d4041d264893aecdd9dde2bad499da65a
          • Instruction ID: ab5e0f75a6e1009841d9cb4aaa5d1dcb0021befcd19d95f1cfe7e2a826d773fd
          • Opcode Fuzzy Hash: f586d1335e289a49d221aa1b12f8457d4041d264893aecdd9dde2bad499da65a
          • Instruction Fuzzy Hash: A61149B2A1561169EB8F7B78CEAAF3EAD29DB80340F94163CF003C10D7DD258A154385
          Uniqueness

          Uniqueness Score: -1.00%

          APIs
          • RegOpenKeyExA.KERNELBASE(00000000,?,?,?,?,?,?,00AA08FB,00AA089F), ref: 00AA1A4B
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.1368588718.0000000000AA0000.00000040.00000001.sdmp, Offset: 00AA0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_aa0000_Locky.jbxd
          Similarity
          • API ID: Open
          • String ID: `F5@
          • API String ID: 71445658-3130546763
          • Opcode ID: f586d1335e289a49d221aa1b12f8457d4041d264893aecdd9dde2bad499da65a
          • Instruction ID: 943108be186223941a7cf22bdc98c78564402552db866050eb7c220b7ef3b40f
          • Opcode Fuzzy Hash: f586d1335e289a49d221aa1b12f8457d4041d264893aecdd9dde2bad499da65a
          • Instruction Fuzzy Hash: 32112672A1561179EB4E7B78CEAAF3EAD25DB83340F94163CE003870D7DF268A004185
          Uniqueness

          Uniqueness Score: -1.00%

          APIs
          • RegOpenKeyExA.KERNELBASE(00000000,?,?,?,?,?,?,001E08FB,001E089F), ref: 001E1A4B
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.1367482440.00000000001E0000.00000040.00000001.sdmp, Offset: 001E0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1e0000_Locky.jbxd
          Similarity
          • API ID: Open
          • String ID: `F5@
          • API String ID: 71445658-3130546763
          • Opcode ID: f586d1335e289a49d221aa1b12f8457d4041d264893aecdd9dde2bad499da65a
          • Instruction ID: fa8be48758aaf17dd2df1726b1a6f33c2d11a509a2496a4d3c24ef6599551b68
          • Opcode Fuzzy Hash: f586d1335e289a49d221aa1b12f8457d4041d264893aecdd9dde2bad499da65a
          • Instruction Fuzzy Hash: 89114471A04ED0B9EB0F7BBA8CAAB3E6911EBE8300F51163CF003820D7DB758A804185
          Uniqueness

          Uniqueness Score: -1.00%

          APIs
          • PulseEvent.KERNEL32(?), ref: 0040C1E0
          • WriteFileGather.KERNEL32(00000000,00000000,?,0000000A), ref: 0040C204
          Memory Dump Source
          • Source File: 00000000.00000002.1367532901.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
          • Associated: 00000000.00000002.1367522323.0000000000400000.00000002.00020000.sdmp Download File
          • Associated: 00000000.00000002.1367562599.000000000040D000.00000002.00020000.sdmp Download File
          • Associated: 00000000.00000002.1367573342.000000000040F000.00000008.00020000.sdmp Download File
          • Associated: 00000000.00000002.1367587458.0000000000412000.00000004.00020000.sdmp Download File
          • Associated: 00000000.00000002.1367607245.00000000007B6000.00000004.00020000.sdmp Download File
          • Associated: 00000000.00000002.1367619264.00000000007B7000.00000002.00020000.sdmp Download File
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_400000_Locky.jbxd
          Similarity
          • API ID: EventFileGatherPulseWrite
          • String ID:
          • API String ID: 2921966898-0
          • Opcode ID: b70acbb37eab1c5142d1aa00daedc39b3b2c281362eff377c855bd8201554639
          • Instruction ID: 2c35e7c4ce860d5e15163ffc2fc0ae00a056092983d8b484db0043f576c5d12e
          • Opcode Fuzzy Hash: b70acbb37eab1c5142d1aa00daedc39b3b2c281362eff377c855bd8201554639
          • Instruction Fuzzy Hash: 0D415EB5C40344DFD7209FE4D985AAA7BB8EB09714F20427FE552AB2D2CB784845CB58
          Uniqueness

          Uniqueness Score: -1.00%

          APIs
          Memory Dump Source
          • Source File: 00000000.00000002.1368575368.0000000000A90000.00000040.00000001.sdmp, Offset: 00A90000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_a90000_Locky.jbxd
          Similarity
          • API ID: AllocGlobal
          • String ID:
          • API String ID: 3761449716-0
          • Opcode ID: aa41c34816d087effd764b78e8d9161e96e921d906659a684013b79fa3f64506
          • Instruction ID: 8aeba1962251f8028b3175edf741c0aebc4cf197b63d670ab6088f0fecbf532e
          • Opcode Fuzzy Hash: aa41c34816d087effd764b78e8d9161e96e921d906659a684013b79fa3f64506
          • Instruction Fuzzy Hash: 72514672F14205AEEF5D6B78CE66F3E7EE4EBD03C0F11853CE103AA096DA344A049A55
          Uniqueness

          Uniqueness Score: -1.00%

          APIs
          • GlobalAlloc.KERNELBASE ref: 00A9041A
            • Part of subcall function 00A904A7: GlobalFree.KERNEL32 ref: 00A905BF
          Memory Dump Source
          • Source File: 00000000.00000002.1368575368.0000000000A90000.00000040.00000001.sdmp, Offset: 00A90000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_a90000_Locky.jbxd
          Similarity
          • API ID: Global$AllocFree
          • String ID:
          • API String ID: 3394109436-0
          • Opcode ID: ae5b13e3ba68312dcf867a57d7e57729420221dded57e4ba13b11bd706309df1
          • Instruction ID: a536ca78c74ceb75d9d23da0553fceb1464d95370fbaffeb87431785ef6b879d
          • Opcode Fuzzy Hash: ae5b13e3ba68312dcf867a57d7e57729420221dded57e4ba13b11bd706309df1
          • Instruction Fuzzy Hash: 2C411672F04605AEEF1D6BB8CE66F7E7EE5EBC03C0F15D438E103AA092D9344A449A55
          Uniqueness

          Uniqueness Score: -1.00%

          APIs
          • EnumWindows.USER32(00000000,FF2505AE,16D64C45,001C0A8D,00000000,FF2505AE,00000000,6290E2DF,327942EA,6290E2DF,001C089F), ref: 001C0AD9
          Memory Dump Source
          • Source File: 00000000.00000002.1367451189.00000000001C0000.00000040.00000001.sdmp, Offset: 001C0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1c0000_Locky.jbxd
          Similarity
          • API ID: EnumWindows
          • String ID:
          • API String ID: 1129996299-0
          • Opcode ID: 7799df8ac9d23a9f1ee5559ada46b17c16f8e1e340b4eb91f3d18adda4a3786a
          • Instruction ID: 09153540776fd1baef7a43ed1e3dd6fdc59f0a2f4328495df029b579aba472e1
          • Opcode Fuzzy Hash: 7799df8ac9d23a9f1ee5559ada46b17c16f8e1e340b4eb91f3d18adda4a3786a
          • Instruction Fuzzy Hash: A241C536E0461ACADF3B85D8D884BAC7760A7B8329F25477ED002DE150D7B5CCC98695
          Uniqueness

          Uniqueness Score: -1.00%

          APIs
          • EnumWindows.USER32(00000000,FF2505AE,16D64C45,001F0A8D,00000000,FF2505AE,00000000,6290E2DF,327942EA,6290E2DF,001F089F), ref: 001F0AD9
          Memory Dump Source
          • Source File: 00000000.00000002.1367495852.00000000001F0000.00000040.00000001.sdmp, Offset: 001F0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1f0000_Locky.jbxd
          Similarity
          • API ID: EnumWindows
          • String ID:
          • API String ID: 1129996299-0
          • Opcode ID: 7799df8ac9d23a9f1ee5559ada46b17c16f8e1e340b4eb91f3d18adda4a3786a
          • Instruction ID: 5d0f09cb69a5aaf38b3e22150758b4d4653ae5b5b7278e54e86c4123842f8053
          • Opcode Fuzzy Hash: 7799df8ac9d23a9f1ee5559ada46b17c16f8e1e340b4eb91f3d18adda4a3786a
          • Instruction Fuzzy Hash: 5A41E476F0461ECBDF3B4998DC883BCB3A0E398329F254676D302DE052D3B588C98691
          Uniqueness

          Uniqueness Score: -1.00%

          APIs
          • EnumWindows.USER32(00000000,FF2505AE,16D64C45,001D0A8D,00000000,FF2505AE,00000000,6290E2DF,327942EA,6290E2DF,001D089F), ref: 001D0AD9
          Memory Dump Source
          • Source File: 00000000.00000002.1367467557.00000000001D0000.00000040.00000001.sdmp, Offset: 001D0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1d0000_Locky.jbxd
          Similarity
          • API ID: EnumWindows
          • String ID:
          • API String ID: 1129996299-0
          • Opcode ID: 7799df8ac9d23a9f1ee5559ada46b17c16f8e1e340b4eb91f3d18adda4a3786a
          • Instruction ID: afe77c9e2491e0c6026e242bbce8d0255dfb8bc18d1340e3fa19ad6ada5f2f07
          • Opcode Fuzzy Hash: 7799df8ac9d23a9f1ee5559ada46b17c16f8e1e340b4eb91f3d18adda4a3786a
          • Instruction Fuzzy Hash: C041C636F1861ACBDF3B4A98D8883AC7760E798369F254777D002DE350D7B588C98692
          Uniqueness

          Uniqueness Score: -1.00%

          APIs
          • EnumWindows.USER32(00000000,FF2505AE,16D64C45,00A70A8D,00000000,FF2505AE,00000000,6290E2DF,327942EA,6290E2DF,00A7089F), ref: 00A70AD9
          Memory Dump Source
          • Source File: 00000000.00000002.1368551562.0000000000A70000.00000040.00000001.sdmp, Offset: 00A70000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_a70000_Locky.jbxd
          Similarity
          • API ID: EnumWindows
          • String ID:
          • API String ID: 1129996299-0
          • Opcode ID: 7799df8ac9d23a9f1ee5559ada46b17c16f8e1e340b4eb91f3d18adda4a3786a
          • Instruction ID: 241b9696f9cef444abd29b3c92e051dd6325996b1df996e73838e461a5376077
          • Opcode Fuzzy Hash: 7799df8ac9d23a9f1ee5559ada46b17c16f8e1e340b4eb91f3d18adda4a3786a
          • Instruction Fuzzy Hash: B141C672F0461ACADF364798DD84FACB770E7E0369F24C636D00ADD150D6B58DC98692
          Uniqueness

          Uniqueness Score: -1.00%

          APIs
          • EnumWindows.USER32(00000000,FF2505AE,16D64C45,00AB0A8D,00000000,FF2505AE,00000000,6290E2DF,327942EA,6290E2DF,00AB089F), ref: 00AB0AD9
          Memory Dump Source
          • Source File: 00000000.00000002.1368598650.0000000000AB0000.00000040.00000001.sdmp, Offset: 00AB0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_ab0000_Locky.jbxd
          Similarity
          • API ID: EnumWindows
          • String ID:
          • API String ID: 1129996299-0
          • Opcode ID: 7799df8ac9d23a9f1ee5559ada46b17c16f8e1e340b4eb91f3d18adda4a3786a
          • Instruction ID: 0b9c56f51921e0e7f402123b5d34be936a7a33ec5ef1fd1486b179e8fd7ded6f
          • Opcode Fuzzy Hash: 7799df8ac9d23a9f1ee5559ada46b17c16f8e1e340b4eb91f3d18adda4a3786a
          • Instruction Fuzzy Hash: 3341E732E0461ACBDF354698D884FEE7B78E3A1369F24473AD002DD052D7B58CC99691
          Uniqueness

          Uniqueness Score: -1.00%

          APIs
          • EnumWindows.USER32(00000000,FF2505AE,16D64C45,00A90A8D,00000000,FF2505AE,00000000,6290E2DF,327942EA,6290E2DF,00A9089F), ref: 00A90AD9
          Memory Dump Source
          • Source File: 00000000.00000002.1368575368.0000000000A90000.00000040.00000001.sdmp, Offset: 00A90000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_a90000_Locky.jbxd
          Similarity
          • API ID: EnumWindows
          • String ID:
          • API String ID: 1129996299-0
          • Opcode ID: 7799df8ac9d23a9f1ee5559ada46b17c16f8e1e340b4eb91f3d18adda4a3786a
          • Instruction ID: 3705da00a70a7f381d7d43f5801f8941d336da4b8024cc3b432c5a34043271df
          • Opcode Fuzzy Hash: 7799df8ac9d23a9f1ee5559ada46b17c16f8e1e340b4eb91f3d18adda4a3786a
          • Instruction Fuzzy Hash: 02419333F0461ACEDF754699D888BAC76F0E7A03E9F244636D102ED150D6B58CC98691
          Uniqueness

          Uniqueness Score: -1.00%

          APIs
          • EnumWindows.USER32(00000000,FF2505AE,16D64C45,008B0A8D,00000000,FF2505AE,00000000,6290E2DF,327942EA,6290E2DF,008B089F), ref: 008B0AD9
          Memory Dump Source
          • Source File: 00000000.00000002.1367975725.00000000008B0000.00000040.00000001.sdmp, Offset: 008B0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_8b0000_Locky.jbxd
          Similarity
          • API ID: EnumWindows
          • String ID:
          • API String ID: 1129996299-0
          • Opcode ID: 7799df8ac9d23a9f1ee5559ada46b17c16f8e1e340b4eb91f3d18adda4a3786a
          • Instruction ID: f6a65a4a98ad733c7aee32aa2be7bd09be2bd96787ed59282d89d0a2254dbb73
          • Opcode Fuzzy Hash: 7799df8ac9d23a9f1ee5559ada46b17c16f8e1e340b4eb91f3d18adda4a3786a
          • Instruction Fuzzy Hash: ED418432E1461ECADF794998D8983EFBA60F79036AF244736D102DD350D7B588C98E91
          Uniqueness

          Uniqueness Score: -1.00%

          APIs
          • EnumWindows.USER32(00000000,FF2505AE,16D64C45,00A80A8D,00000000,FF2505AE,00000000,6290E2DF,327942EA,6290E2DF,00A8089F), ref: 00A80AD9
          Memory Dump Source
          • Source File: 00000000.00000002.1368563716.0000000000A80000.00000040.00000001.sdmp, Offset: 00A80000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_a80000_Locky.jbxd
          Similarity
          • API ID: EnumWindows
          • String ID:
          • API String ID: 1129996299-0
          • Opcode ID: 7799df8ac9d23a9f1ee5559ada46b17c16f8e1e340b4eb91f3d18adda4a3786a
          • Instruction ID: 49d0f6af51e92b4b379e4875b0a7005d47b1e5eb904e9f235832c5593b4c7c95
          • Opcode Fuzzy Hash: 7799df8ac9d23a9f1ee5559ada46b17c16f8e1e340b4eb91f3d18adda4a3786a
          • Instruction Fuzzy Hash: B541B572F0461ACBDFF96A99D888FACB670EBA0369F244736D002DD150D6B58CCD8791
          Uniqueness

          Uniqueness Score: -1.00%

          APIs
          • EnumWindows.USER32(00000000,FF2505AE,16D64C45,00AA0A8D,00000000,FF2505AE,00000000,6290E2DF,327942EA,6290E2DF,00AA089F), ref: 00AA0AD9
          Memory Dump Source
          • Source File: 00000000.00000002.1368588718.0000000000AA0000.00000040.00000001.sdmp, Offset: 00AA0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_aa0000_Locky.jbxd
          Similarity
          • API ID: EnumWindows
          • String ID:
          • API String ID: 1129996299-0
          • Opcode ID: 7799df8ac9d23a9f1ee5559ada46b17c16f8e1e340b4eb91f3d18adda4a3786a
          • Instruction ID: 0c2260693faac09c99066765adb76f38657288396aeb24651ca407cfe08a677b
          • Opcode Fuzzy Hash: 7799df8ac9d23a9f1ee5559ada46b17c16f8e1e340b4eb91f3d18adda4a3786a
          • Instruction Fuzzy Hash: 06419432E0461ACBDF754A98D988FACB670E7A2379F244636D102DF1D0D7B58CC986A1
          Uniqueness

          Uniqueness Score: -1.00%

          APIs
          • EnumWindows.USER32(00000000,FF2505AE,16D64C45,001E0A8D,00000000,FF2505AE,00000000,6290E2DF,327942EA,6290E2DF,001E089F), ref: 001E0AD9
          Memory Dump Source
          • Source File: 00000000.00000002.1367482440.00000000001E0000.00000040.00000001.sdmp, Offset: 001E0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1e0000_Locky.jbxd
          Similarity
          • API ID: EnumWindows
          • String ID:
          • API String ID: 1129996299-0
          • Opcode ID: 7799df8ac9d23a9f1ee5559ada46b17c16f8e1e340b4eb91f3d18adda4a3786a
          • Instruction ID: c1e89c5d127f0ffaee6b2aa7ff29e4194f8a71fd8e1a40d3cac02b127fd1002e
          • Opcode Fuzzy Hash: 7799df8ac9d23a9f1ee5559ada46b17c16f8e1e340b4eb91f3d18adda4a3786a
          • Instruction Fuzzy Hash: 4141C536E04EDACADF3B459BD8843ACB6A0E798329F3546B6D002DE150D7F588C98691
          Uniqueness

          Uniqueness Score: -1.00%

          APIs
          • OpenSCManagerA.ADVAPI32(?,00000000,00000000,00000004,27946D76), ref: 001C025C
          Memory Dump Source
          • Source File: 00000000.00000002.1367451189.00000000001C0000.00000040.00000001.sdmp, Offset: 001C0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1c0000_Locky.jbxd
          Similarity
          • API ID: ManagerOpen
          • String ID:
          • API String ID: 1889721586-0
          • Opcode ID: 7143d55ebdc53bcbf5bf4cb770f97d42773437e9606fcb796303c7aa4a218943
          • Instruction ID: 9a5bfef7f693edafbb2b9094abec02ffe2ba7d34ff05d9b226b09873775ff13e
          • Opcode Fuzzy Hash: 7143d55ebdc53bcbf5bf4cb770f97d42773437e9606fcb796303c7aa4a218943
          • Instruction Fuzzy Hash: 2D316E75E44645EEEB0FAAB8CD5AF7D3B64FB78740F21602CA1026A0D2EF74C9458641
          Uniqueness

          Uniqueness Score: -1.00%

          APIs
          • OpenSCManagerA.ADVAPI32(?,00000000,00000000,00000004,27946D76), ref: 001F025C
          Memory Dump Source
          • Source File: 00000000.00000002.1367495852.00000000001F0000.00000040.00000001.sdmp, Offset: 001F0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1f0000_Locky.jbxd
          Similarity
          • API ID: ManagerOpen
          • String ID:
          • API String ID: 1889721586-0
          • Opcode ID: 7143d55ebdc53bcbf5bf4cb770f97d42773437e9606fcb796303c7aa4a218943
          • Instruction ID: 13ca0793c2963464ee441239ead7786d6e76ddfc26913cf7d3f4002cce499586
          • Opcode Fuzzy Hash: 7143d55ebdc53bcbf5bf4cb770f97d42773437e9606fcb796303c7aa4a218943
          • Instruction Fuzzy Hash: CD314975E4460DAEFB0FAAB8CD6AF7D7B64FB58340F255028A702AA0D3EF7049458650
          Uniqueness

          Uniqueness Score: -1.00%

          APIs
          • OpenSCManagerA.ADVAPI32(?,00000000,00000000,00000004,27946D76), ref: 001D025C
          Memory Dump Source
          • Source File: 00000000.00000002.1367467557.00000000001D0000.00000040.00000001.sdmp, Offset: 001D0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1d0000_Locky.jbxd
          Similarity
          • API ID: ManagerOpen
          • String ID:
          • API String ID: 1889721586-0
          • Opcode ID: 7143d55ebdc53bcbf5bf4cb770f97d42773437e9606fcb796303c7aa4a218943
          • Instruction ID: fd4d27fbfa7a18aa736446131251ebd1aa5637db0d03531b9553685119e77371
          • Opcode Fuzzy Hash: 7143d55ebdc53bcbf5bf4cb770f97d42773437e9606fcb796303c7aa4a218943
          • Instruction Fuzzy Hash: 5A31AE75D44605BEEB0FAAB8CD5AB7E3B64FB58340F21502FA502A62D2EF744944C640
          Uniqueness

          Uniqueness Score: -1.00%

          APIs
          • OpenSCManagerA.ADVAPI32(?,00000000,00000000,00000004,27946D76), ref: 00A7025C
          Memory Dump Source
          • Source File: 00000000.00000002.1368551562.0000000000A70000.00000040.00000001.sdmp, Offset: 00A70000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_a70000_Locky.jbxd
          Similarity
          • API ID: ManagerOpen
          • String ID:
          • API String ID: 1889721586-0
          • Opcode ID: 7143d55ebdc53bcbf5bf4cb770f97d42773437e9606fcb796303c7aa4a218943
          • Instruction ID: 36e296ad26f5dc7adfce1c30f496a79daeec9d28c35d290d694a22a91e24f054
          • Opcode Fuzzy Hash: 7143d55ebdc53bcbf5bf4cb770f97d42773437e9606fcb796303c7aa4a218943
          • Instruction Fuzzy Hash: 7A314376E54605EEFB09ABB4CD59F7E7A74FB40340F24D028A60E6E0D3EE7449448680
          Uniqueness

          Uniqueness Score: -1.00%

          APIs
          • OpenSCManagerA.ADVAPI32(?,00000000,00000000,00000004,27946D76), ref: 00A9025C
          Memory Dump Source
          • Source File: 00000000.00000002.1368575368.0000000000A90000.00000040.00000001.sdmp, Offset: 00A90000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_a90000_Locky.jbxd
          Similarity
          • API ID: ManagerOpen
          • String ID:
          • API String ID: 1889721586-0
          • Opcode ID: 7143d55ebdc53bcbf5bf4cb770f97d42773437e9606fcb796303c7aa4a218943
          • Instruction ID: 4f6d178b2327cf2b823a267b6f6de1e7c577b34be1d56f02e5468b326cc9af48
          • Opcode Fuzzy Hash: 7143d55ebdc53bcbf5bf4cb770f97d42773437e9606fcb796303c7aa4a218943
          • Instruction Fuzzy Hash: 5F31F875B54605AEEF09ABB8CD5AFBF7AF4EB407C0F245428A602AE0D2EE7049449641
          Uniqueness

          Uniqueness Score: -1.00%

          APIs
          • OpenSCManagerA.ADVAPI32(?,00000000,00000000,00000004,27946D76), ref: 008B025C
          Memory Dump Source
          • Source File: 00000000.00000002.1367975725.00000000008B0000.00000040.00000001.sdmp, Offset: 008B0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_8b0000_Locky.jbxd
          Similarity
          • API ID: ManagerOpen
          • String ID:
          • API String ID: 1889721586-0
          • Opcode ID: 7143d55ebdc53bcbf5bf4cb770f97d42773437e9606fcb796303c7aa4a218943
          • Instruction ID: deb44c2f26a6d2447bfdfb780d872745238bcb5af8a871777d7880fff4361870
          • Opcode Fuzzy Hash: 7143d55ebdc53bcbf5bf4cb770f97d42773437e9606fcb796303c7aa4a218943
          • Instruction Fuzzy Hash: 5F315175D4460DAEEB1AAEB8CD5EBFF7E94FB44344F245028A102E63D2EE7049489E41
          Uniqueness

          Uniqueness Score: -1.00%

          APIs
          • OpenSCManagerA.ADVAPI32(?,00000000,00000000,00000004,27946D76), ref: 00A8025C
          Memory Dump Source
          • Source File: 00000000.00000002.1368563716.0000000000A80000.00000040.00000001.sdmp, Offset: 00A80000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_a80000_Locky.jbxd
          Similarity
          • API ID: ManagerOpen
          • String ID:
          • API String ID: 1889721586-0
          • Opcode ID: 7143d55ebdc53bcbf5bf4cb770f97d42773437e9606fcb796303c7aa4a218943
          • Instruction ID: 709c6622087b9201654bcbbce7fbdb5c84184a6ff982a0fa4530520ccb2b727b
          • Opcode Fuzzy Hash: 7143d55ebdc53bcbf5bf4cb770f97d42773437e9606fcb796303c7aa4a218943
          • Instruction Fuzzy Hash: 03313C76D44605AEEB99BBB4CD5AFBE7E74FB40340F245028A602AA0D2FEB0494C9740
          Uniqueness

          Uniqueness Score: -1.00%

          APIs
          • OpenSCManagerA.ADVAPI32(?,00000000,00000000,00000004,27946D76), ref: 00AA025C
          Memory Dump Source
          • Source File: 00000000.00000002.1368588718.0000000000AA0000.00000040.00000001.sdmp, Offset: 00AA0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_aa0000_Locky.jbxd
          Similarity
          • API ID: ManagerOpen
          • String ID:
          • API String ID: 1889721586-0
          • Opcode ID: 7143d55ebdc53bcbf5bf4cb770f97d42773437e9606fcb796303c7aa4a218943
          • Instruction ID: d41bcea8c57cb8f6971ab7311536359a73b93aef57e91775e9bbeaa54b78573d
          • Opcode Fuzzy Hash: 7143d55ebdc53bcbf5bf4cb770f97d42773437e9606fcb796303c7aa4a218943
          • Instruction Fuzzy Hash: 90316C75D44305AEEF09AFB4CD5AFBE7A74FB43340F205028A202AF0D2EF7049488651
          Uniqueness

          Uniqueness Score: -1.00%

          APIs
          • OpenSCManagerA.ADVAPI32(?,00000000,00000000,00000004,27946D76), ref: 001E025C
          Memory Dump Source
          • Source File: 00000000.00000002.1367482440.00000000001E0000.00000040.00000001.sdmp, Offset: 001E0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1e0000_Locky.jbxd
          Similarity
          • API ID: ManagerOpen
          • String ID:
          • API String ID: 1889721586-0
          • Opcode ID: 7143d55ebdc53bcbf5bf4cb770f97d42773437e9606fcb796303c7aa4a218943
          • Instruction ID: 808fe2227434ae44cded8ab5ddd5655e3673028088d2dfeccb87c1a0b30f1c93
          • Opcode Fuzzy Hash: 7143d55ebdc53bcbf5bf4cb770f97d42773437e9606fcb796303c7aa4a218943
          • Instruction Fuzzy Hash: 8831A275D44E86EEEB0FEAB6CD5AB7D7BA4FB58340F255028E202660D1EFF049C48640
          Uniqueness

          Uniqueness Score: -1.00%

          APIs
          • OpenSCManagerA.ADVAPI32(?,00000000,00000000,00000004,27946D76), ref: 001C025C
          Memory Dump Source
          • Source File: 00000000.00000002.1367451189.00000000001C0000.00000040.00000001.sdmp, Offset: 001C0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1c0000_Locky.jbxd
          Similarity
          • API ID: ManagerOpen
          • String ID:
          • API String ID: 1889721586-0
          • Opcode ID: 7be794a2a3183f58d5b011fb443786168768839c7e64fb5eae69d30e8057904a
          • Instruction ID: f6a6f4f5839a134a617cf7e0771a692d800c3b51996871aa9193cc22a9ed88dd
          • Opcode Fuzzy Hash: 7be794a2a3183f58d5b011fb443786168768839c7e64fb5eae69d30e8057904a
          • Instruction Fuzzy Hash: 57112122B08600DEEB0FAEBCDC59F3C6A94EBB8340F22453DA106DA0C5EB74CA085201
          Uniqueness

          Uniqueness Score: -1.00%

          APIs
          • OpenSCManagerA.ADVAPI32(?,00000000,00000000,00000004,27946D76), ref: 001F025C
          Memory Dump Source
          • Source File: 00000000.00000002.1367495852.00000000001F0000.00000040.00000001.sdmp, Offset: 001F0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1f0000_Locky.jbxd
          Similarity
          • API ID: ManagerOpen
          • String ID:
          • API String ID: 1889721586-0
          • Opcode ID: 7be794a2a3183f58d5b011fb443786168768839c7e64fb5eae69d30e8057904a
          • Instruction ID: 6b9e89901ca6fd1e66dbb55f8298d8307f5b3395e9c2975e6ebbd54586573fca
          • Opcode Fuzzy Hash: 7be794a2a3183f58d5b011fb443786168768839c7e64fb5eae69d30e8057904a
          • Instruction Fuzzy Hash: 06112526B046099DEB0FEEB8DD59B3C6A94EBD8340F21443DA606D60D7EF748A085221
          Uniqueness

          Uniqueness Score: -1.00%

          APIs
          • OpenSCManagerA.ADVAPI32(?,00000000,00000000,00000004,27946D76), ref: 001D025C
          Memory Dump Source
          • Source File: 00000000.00000002.1367467557.00000000001D0000.00000040.00000001.sdmp, Offset: 001D0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1d0000_Locky.jbxd
          Similarity
          • API ID: ManagerOpen
          • String ID:
          • API String ID: 1889721586-0
          • Opcode ID: 7be794a2a3183f58d5b011fb443786168768839c7e64fb5eae69d30e8057904a
          • Instruction ID: 8a5d8636cf9e389591abd66c53b8e55af989336a021bb215f8bd5b5ecb6c5932
          • Opcode Fuzzy Hash: 7be794a2a3183f58d5b011fb443786168768839c7e64fb5eae69d30e8057904a
          • Instruction Fuzzy Hash: 52112522B156009DEF0FEEB8DC59B3C6A94EBDC340F21443FA406DA2C5EB748A085201
          Uniqueness

          Uniqueness Score: -1.00%

          APIs
          • OpenSCManagerA.ADVAPI32(?,00000000,00000000,00000004,27946D76), ref: 00A7025C
          Memory Dump Source
          • Source File: 00000000.00000002.1368551562.0000000000A70000.00000040.00000001.sdmp, Offset: 00A70000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_a70000_Locky.jbxd
          Similarity
          • API ID: ManagerOpen
          • String ID:
          • API String ID: 1889721586-0
          • Opcode ID: 7be794a2a3183f58d5b011fb443786168768839c7e64fb5eae69d30e8057904a
          • Instruction ID: 3c920f195db7b2163a117cb2b0ca07c9cae894b5773e9a9e0a100343ca2461e8
          • Opcode Fuzzy Hash: 7be794a2a3183f58d5b011fb443786168768839c7e64fb5eae69d30e8057904a
          • Instruction Fuzzy Hash: 40112573B14600DDEB09AFB8DD59FBD6AA4EB90340F20C43CA20EDA0D6EA7489085281
          Uniqueness

          Uniqueness Score: -1.00%

          APIs
          • OpenSCManagerA.ADVAPI32(?,00000000,00000000,00000004,27946D76), ref: 00AB025C
          Memory Dump Source
          • Source File: 00000000.00000002.1368598650.0000000000AB0000.00000040.00000001.sdmp, Offset: 00AB0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_ab0000_Locky.jbxd
          Similarity
          • API ID: ManagerOpen
          • String ID:
          • API String ID: 1889721586-0
          • Opcode ID: 7be794a2a3183f58d5b011fb443786168768839c7e64fb5eae69d30e8057904a
          • Instruction ID: dea858536ccf5c4be6e4cbee2e80fc4f4b479f8103a135aa921bdad505e53cbd
          • Opcode Fuzzy Hash: 7be794a2a3183f58d5b011fb443786168768839c7e64fb5eae69d30e8057904a
          • Instruction Fuzzy Hash: 5111E576B146019DEB09AFB8DD59FFF6EACEB94340F20453DA606D60D7EE74890C5201
          Uniqueness

          Uniqueness Score: -1.00%

          APIs
          • OpenSCManagerA.ADVAPI32(?,00000000,00000000,00000004,27946D76), ref: 00A9025C
          Memory Dump Source
          • Source File: 00000000.00000002.1368575368.0000000000A90000.00000040.00000001.sdmp, Offset: 00A90000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_a90000_Locky.jbxd
          Similarity
          • API ID: ManagerOpen
          • String ID:
          • API String ID: 1889721586-0
          • Opcode ID: 7be794a2a3183f58d5b011fb443786168768839c7e64fb5eae69d30e8057904a
          • Instruction ID: 7e72b10dd9051dd78fa6243e53080d99c79c8adb3fec65ef08634c36895cfd72
          • Opcode Fuzzy Hash: 7be794a2a3183f58d5b011fb443786168768839c7e64fb5eae69d30e8057904a
          • Instruction Fuzzy Hash: 0E11E176B146019EEF0DAFBCDD5AFBD7AE4EB943C0F20443DA606DA0D5EA7489085201
          Uniqueness

          Uniqueness Score: -1.00%

          APIs
          • OpenSCManagerA.ADVAPI32(?,00000000,00000000,00000004,27946D76), ref: 008B025C
          Memory Dump Source
          • Source File: 00000000.00000002.1367975725.00000000008B0000.00000040.00000001.sdmp, Offset: 008B0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_8b0000_Locky.jbxd
          Similarity
          • API ID: ManagerOpen
          • String ID:
          • API String ID: 1889721586-0
          • Opcode ID: 7be794a2a3183f58d5b011fb443786168768839c7e64fb5eae69d30e8057904a
          • Instruction ID: 77883d1fbc2c1d09c8a402666f14ae4b3decd9f0bbbc9165f907a4b07f654094
          • Opcode Fuzzy Hash: 7be794a2a3183f58d5b011fb443786168768839c7e64fb5eae69d30e8057904a
          • Instruction Fuzzy Hash: F0114C22B046059DEB0EAEBCDC59BBF7A94FBD0344F20443CA406D62D6EE74890C5A01
          Uniqueness

          Uniqueness Score: -1.00%

          APIs
          • OpenSCManagerA.ADVAPI32(?,00000000,00000000,00000004,27946D76), ref: 00A8025C
          Memory Dump Source
          • Source File: 00000000.00000002.1368563716.0000000000A80000.00000040.00000001.sdmp, Offset: 00A80000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_a80000_Locky.jbxd
          Similarity
          • API ID: ManagerOpen
          • String ID:
          • API String ID: 1889721586-0
          • Opcode ID: 7be794a2a3183f58d5b011fb443786168768839c7e64fb5eae69d30e8057904a
          • Instruction ID: 9bff62bc38b427ef1bf7343ae2aa34cdc922772b5b3459fda42a09647445d653
          • Opcode Fuzzy Hash: 7be794a2a3183f58d5b011fb443786168768839c7e64fb5eae69d30e8057904a
          • Instruction Fuzzy Hash: 19112172B046009EEBCDBFB8DD5AFBD6AA4EB90340F20443CA606DA0C5FAB4890C5301
          Uniqueness

          Uniqueness Score: -1.00%

          APIs
          • OpenSCManagerA.ADVAPI32(?,00000000,00000000,00000004,27946D76), ref: 00AA025C
          Memory Dump Source
          • Source File: 00000000.00000002.1368588718.0000000000AA0000.00000040.00000001.sdmp, Offset: 00AA0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_aa0000_Locky.jbxd
          Similarity
          • API ID: ManagerOpen
          • String ID:
          • API String ID: 1889721586-0
          • Opcode ID: 7be794a2a3183f58d5b011fb443786168768839c7e64fb5eae69d30e8057904a
          • Instruction ID: f84722ca4e622a7429cabf3d7f8386af98b955b07bd52fc4ed497fd7296aa6f0
          • Opcode Fuzzy Hash: 7be794a2a3183f58d5b011fb443786168768839c7e64fb5eae69d30e8057904a
          • Instruction Fuzzy Hash: B6112172B147019EEB09AFB8DD69FBD6AA4EBD6340F20443DA206DB0C5EB74890C5201
          Uniqueness

          Uniqueness Score: -1.00%

          APIs
          • OpenSCManagerA.ADVAPI32(?,00000000,00000000,00000004,27946D76), ref: 001E025C
          Memory Dump Source
          • Source File: 00000000.00000002.1367482440.00000000001E0000.00000040.00000001.sdmp, Offset: 001E0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1e0000_Locky.jbxd
          Similarity
          • API ID: ManagerOpen
          • String ID:
          • API String ID: 1889721586-0
          • Opcode ID: 7be794a2a3183f58d5b011fb443786168768839c7e64fb5eae69d30e8057904a
          • Instruction ID: 80cb367d6a7d2d3d2e326153380b3fc4c42cb90fa442fa59245ed87644b587eb
          • Opcode Fuzzy Hash: 7be794a2a3183f58d5b011fb443786168768839c7e64fb5eae69d30e8057904a
          • Instruction Fuzzy Hash: B1112922B04E429DEB0FAEBADC59B3DAAD4EB98340F21443CE206D60C5EBF489845311
          Uniqueness

          Uniqueness Score: -1.00%

          APIs
          • EnumWindows.USER32(00000000,FF2505AE,16D64C45,001C0A8D,00000000,FF2505AE,00000000,6290E2DF,327942EA,6290E2DF,001C089F), ref: 001C0AD9
          Memory Dump Source
          • Source File: 00000000.00000002.1367451189.00000000001C0000.00000040.00000001.sdmp, Offset: 001C0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1c0000_Locky.jbxd
          Similarity
          • API ID: EnumWindows
          • String ID:
          • API String ID: 1129996299-0
          • Opcode ID: bf24524665e1bc8b51e2ec9ee18259a03299a5e9cd47bb886691bd36fda494db
          • Instruction ID: f981b9ed72d3660a37e5b2488a31d15b88586e29bb43d61151c805348fdce677
          • Opcode Fuzzy Hash: bf24524665e1bc8b51e2ec9ee18259a03299a5e9cd47bb886691bd36fda494db
          • Instruction Fuzzy Hash: 72F0A079B04218CFEF2AEAE4C804F7D65219BBC3A9F26813DD10392240C774CD818210
          Uniqueness

          Uniqueness Score: -1.00%

          APIs
          • EnumWindows.USER32(00000000,FF2505AE,16D64C45,001F0A8D,00000000,FF2505AE,00000000,6290E2DF,327942EA,6290E2DF,001F089F), ref: 001F0AD9
          Memory Dump Source
          • Source File: 00000000.00000002.1367495852.00000000001F0000.00000040.00000001.sdmp, Offset: 001F0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1f0000_Locky.jbxd
          Similarity
          • API ID: EnumWindows
          • String ID:
          • API String ID: 1129996299-0
          • Opcode ID: bf24524665e1bc8b51e2ec9ee18259a03299a5e9cd47bb886691bd36fda494db
          • Instruction ID: d370771e6415bbca500bf93b7cf139077c9f0b01dac1da4a57f60eaf6ec572ce
          • Opcode Fuzzy Hash: bf24524665e1bc8b51e2ec9ee18259a03299a5e9cd47bb886691bd36fda494db
          • Instruction Fuzzy Hash: 4CF0E579F0511CCFEF2BEAB4C81437D7521DBAC3A9F268139D30392242C7708C818210
          Uniqueness

          Uniqueness Score: -1.00%

          APIs
          • EnumWindows.USER32(00000000,FF2505AE,16D64C45,001D0A8D,00000000,FF2505AE,00000000,6290E2DF,327942EA,6290E2DF,001D089F), ref: 001D0AD9
          Memory Dump Source
          • Source File: 00000000.00000002.1367467557.00000000001D0000.00000040.00000001.sdmp, Offset: 001D0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1d0000_Locky.jbxd
          Similarity
          • API ID: EnumWindows
          • String ID:
          • API String ID: 1129996299-0
          • Opcode ID: bf24524665e1bc8b51e2ec9ee18259a03299a5e9cd47bb886691bd36fda494db
          • Instruction ID: 7bdf1dca6f64503b32a3f9c65bdd8f0cbed57abe288dd17b53e0eeb7ba8ebb41
          • Opcode Fuzzy Hash: bf24524665e1bc8b51e2ec9ee18259a03299a5e9cd47bb886691bd36fda494db
          • Instruction Fuzzy Hash: 96F0A039B0811CCFEF2AAAA8C80437D6521DBAC3A9F26823BD10392340D7B488818211
          Uniqueness

          Uniqueness Score: -1.00%

          APIs
          • EnumWindows.USER32(00000000,FF2505AE,16D64C45,00A70A8D,00000000,FF2505AE,00000000,6290E2DF,327942EA,6290E2DF,00A7089F), ref: 00A70AD9
          Memory Dump Source
          • Source File: 00000000.00000002.1368551562.0000000000A70000.00000040.00000001.sdmp, Offset: 00A70000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_a70000_Locky.jbxd
          Similarity
          • API ID: EnumWindows
          • String ID:
          • API String ID: 1129996299-0
          • Opcode ID: bf24524665e1bc8b51e2ec9ee18259a03299a5e9cd47bb886691bd36fda494db
          • Instruction ID: 327a760278ca15cf01a4da332cb9e8adbcac5ac32d01949cc20484c970c4c393
          • Opcode Fuzzy Hash: bf24524665e1bc8b51e2ec9ee18259a03299a5e9cd47bb886691bd36fda494db
          • Instruction Fuzzy Hash: ADF03075B05218CEEF25ABB4CD54F7D65219BE83A9F25C139D10B91284D6B489858610
          Uniqueness

          Uniqueness Score: -1.00%

          APIs
          • EnumWindows.USER32(00000000,FF2505AE,16D64C45,00AB0A8D,00000000,FF2505AE,00000000,6290E2DF,327942EA,6290E2DF,00AB089F), ref: 00AB0AD9
          Memory Dump Source
          • Source File: 00000000.00000002.1368598650.0000000000AB0000.00000040.00000001.sdmp, Offset: 00AB0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_ab0000_Locky.jbxd
          Similarity
          • API ID: EnumWindows
          • String ID:
          • API String ID: 1129996299-0
          • Opcode ID: bf24524665e1bc8b51e2ec9ee18259a03299a5e9cd47bb886691bd36fda494db
          • Instruction ID: 95d0531a701e95abda8e193a929b12821ac196c571b2fe9d6c29db055c6b704e
          • Opcode Fuzzy Hash: bf24524665e1bc8b51e2ec9ee18259a03299a5e9cd47bb886691bd36fda494db
          • Instruction Fuzzy Hash: B1F0A031B14218CEEF24AAA4C944FFF6929ABA43A9F25853DD20391282DB7088819210
          Uniqueness

          Uniqueness Score: -1.00%

          APIs
          • EnumWindows.USER32(00000000,FF2505AE,16D64C45,00A90A8D,00000000,FF2505AE,00000000,6290E2DF,327942EA,6290E2DF,00A9089F), ref: 00A90AD9
          Memory Dump Source
          • Source File: 00000000.00000002.1368575368.0000000000A90000.00000040.00000001.sdmp, Offset: 00A90000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_a90000_Locky.jbxd
          Similarity
          • API ID: EnumWindows
          • String ID:
          • API String ID: 1129996299-0
          • Opcode ID: bf24524665e1bc8b51e2ec9ee18259a03299a5e9cd47bb886691bd36fda494db
          • Instruction ID: 7d70219e75f778e3a9f890eb72f336c451f15a18a18260de20a5e725966767f4
          • Opcode Fuzzy Hash: bf24524665e1bc8b51e2ec9ee18259a03299a5e9cd47bb886691bd36fda494db
          • Instruction Fuzzy Hash: 52F0A031B0411CCEEF60AAA4C944F7D75F19BA43E9F258139D10391244C77088818250
          Uniqueness

          Uniqueness Score: -1.00%

          APIs
          • EnumWindows.USER32(00000000,FF2505AE,16D64C45,008B0A8D,00000000,FF2505AE,00000000,6290E2DF,327942EA,6290E2DF,008B089F), ref: 008B0AD9
          Memory Dump Source
          • Source File: 00000000.00000002.1367975725.00000000008B0000.00000040.00000001.sdmp, Offset: 008B0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_8b0000_Locky.jbxd
          Similarity
          • API ID: EnumWindows
          • String ID:
          • API String ID: 1129996299-0
          • Opcode ID: bf24524665e1bc8b51e2ec9ee18259a03299a5e9cd47bb886691bd36fda494db
          • Instruction ID: ee4011dbfe737d06882be80d15d71655e322b079ec01e2151a6f5405c9367cf5
          • Opcode Fuzzy Hash: bf24524665e1bc8b51e2ec9ee18259a03299a5e9cd47bb886691bd36fda494db
          • Instruction Fuzzy Hash: 61F03075F1522CCEEF24AAA8C8547FF6921FBA43BEF259539D203D1384DB7488858E11
          Uniqueness

          Uniqueness Score: -1.00%

          APIs
          • EnumWindows.USER32(00000000,FF2505AE,16D64C45,00A80A8D,00000000,FF2505AE,00000000,6290E2DF,327942EA,6290E2DF,00A8089F), ref: 00A80AD9
          Memory Dump Source
          • Source File: 00000000.00000002.1368563716.0000000000A80000.00000040.00000001.sdmp, Offset: 00A80000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_a80000_Locky.jbxd
          Similarity
          • API ID: EnumWindows
          • String ID:
          • API String ID: 1129996299-0
          • Opcode ID: bf24524665e1bc8b51e2ec9ee18259a03299a5e9cd47bb886691bd36fda494db
          • Instruction ID: d4c361bf6e97bea75bb33100245f54b660f836fd7b0244d694689983a521c3f3
          • Opcode Fuzzy Hash: bf24524665e1bc8b51e2ec9ee18259a03299a5e9cd47bb886691bd36fda494db
          • Instruction Fuzzy Hash: 9EF03076F05118CEEFA5BAA4C958F7DA9219BA43A9F258139D14392244D774888D8710
          Uniqueness

          Uniqueness Score: -1.00%

          APIs
          • EnumWindows.USER32(00000000,FF2505AE,16D64C45,00AA0A8D,00000000,FF2505AE,00000000,6290E2DF,327942EA,6290E2DF,00AA089F), ref: 00AA0AD9
          Memory Dump Source
          • Source File: 00000000.00000002.1368588718.0000000000AA0000.00000040.00000001.sdmp, Offset: 00AA0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_aa0000_Locky.jbxd
          Similarity
          • API ID: EnumWindows
          • String ID:
          • API String ID: 1129996299-0
          • Opcode ID: bf24524665e1bc8b51e2ec9ee18259a03299a5e9cd47bb886691bd36fda494db
          • Instruction ID: d432e78ca6a66a1fe3e2344d2442cf64eb4860b7f0522a27315084aec4a3e5f1
          • Opcode Fuzzy Hash: bf24524665e1bc8b51e2ec9ee18259a03299a5e9cd47bb886691bd36fda494db
          • Instruction Fuzzy Hash: F3F0E531F0411CCFEF20ABB4CA44FBD7531DBA63A9F258139D203932C0D77088858220
          Uniqueness

          Uniqueness Score: -1.00%

          APIs
          • EnumWindows.USER32(00000000,FF2505AE,16D64C45,001E0A8D,00000000,FF2505AE,00000000,6290E2DF,327942EA,6290E2DF,001E089F), ref: 001E0AD9
          Memory Dump Source
          • Source File: 00000000.00000002.1367482440.00000000001E0000.00000040.00000001.sdmp, Offset: 001E0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1e0000_Locky.jbxd
          Similarity
          • API ID: EnumWindows
          • String ID:
          • API String ID: 1129996299-0
          • Opcode ID: bf24524665e1bc8b51e2ec9ee18259a03299a5e9cd47bb886691bd36fda494db
          • Instruction ID: 5f5231aab2ffc92ebd0c7c21fd8c65e3b2a13aead34062ad4262ac6157781261
          • Opcode Fuzzy Hash: bf24524665e1bc8b51e2ec9ee18259a03299a5e9cd47bb886691bd36fda494db
          • Instruction Fuzzy Hash: 01F0A039B0499CCFEF2AAAA6C84437D6561EBEC3A9F268139D10392240C7F08CC18210
          Uniqueness

          Uniqueness Score: -1.00%

          APIs
          • EnumWindows.USER32(00000000,FF2505AE,16D64C45,001C0A8D,00000000,FF2505AE,00000000,6290E2DF,327942EA,6290E2DF,001C089F), ref: 001C0AD9
          Memory Dump Source
          • Source File: 00000000.00000002.1367451189.00000000001C0000.00000040.00000001.sdmp, Offset: 001C0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1c0000_Locky.jbxd
          Similarity
          • API ID: EnumWindows
          • String ID:
          • API String ID: 1129996299-0
          • Opcode ID: f306d8679e1406462d453f3f4c4e0a9f4df506dfa9b2575759c7a32b3d0f67bc
          • Instruction ID: c879e8ee3868a771204e34bbcffdbd398b31ff3c3f39703cca792eae7aae1f8a
          • Opcode Fuzzy Hash: f306d8679e1406462d453f3f4c4e0a9f4df506dfa9b2575759c7a32b3d0f67bc
          • Instruction Fuzzy Hash: 92E01A39A0421CCFDF16DAE8D444B6CBA61ABA9369F15817EC20296084C774CD858711
          Uniqueness

          Uniqueness Score: -1.00%

          APIs
          • EnumWindows.USER32(00000000,FF2505AE,16D64C45,001F0A8D,00000000,FF2505AE,00000000,6290E2DF,327942EA,6290E2DF,001F089F), ref: 001F0AD9
          Memory Dump Source
          • Source File: 00000000.00000002.1367495852.00000000001F0000.00000040.00000001.sdmp, Offset: 001F0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1f0000_Locky.jbxd
          Similarity
          • API ID: EnumWindows
          • String ID:
          • API String ID: 1129996299-0
          • Opcode ID: f306d8679e1406462d453f3f4c4e0a9f4df506dfa9b2575759c7a32b3d0f67bc
          • Instruction ID: 3b8c7114390556fc624270f0f4ee90bc18b56e83892f5ed4f1ddbf259f1b5222
          • Opcode Fuzzy Hash: f306d8679e1406462d453f3f4c4e0a9f4df506dfa9b2575759c7a32b3d0f67bc
          • Instruction Fuzzy Hash: 46E04F39A0511CCFDF279AB8D45437C7B71EB99369F15817AC30296086C77448C58711
          Uniqueness

          Uniqueness Score: -1.00%

          APIs
          • EnumWindows.USER32(00000000,FF2505AE,16D64C45,001D0A8D,00000000,FF2505AE,00000000,6290E2DF,327942EA,6290E2DF,001D089F), ref: 001D0AD9
          Memory Dump Source
          • Source File: 00000000.00000002.1367467557.00000000001D0000.00000040.00000001.sdmp, Offset: 001D0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1d0000_Locky.jbxd
          Similarity
          • API ID: EnumWindows
          • String ID:
          • API String ID: 1129996299-0
          • Opcode ID: f306d8679e1406462d453f3f4c4e0a9f4df506dfa9b2575759c7a32b3d0f67bc
          • Instruction ID: 49182c960720e178c0c16a26a59510976c40aa832d6cd889bb7091e0b64f7e2c
          • Opcode Fuzzy Hash: f306d8679e1406462d453f3f4c4e0a9f4df506dfa9b2575759c7a32b3d0f67bc
          • Instruction Fuzzy Hash: E7E04F39B0811CCFDF179AB8D44436C7B71EB99369F15827BC20296284D7B448C58712
          Uniqueness

          Uniqueness Score: -1.00%

          APIs
          • EnumWindows.USER32(00000000,FF2505AE,16D64C45,00A70A8D,00000000,FF2505AE,00000000,6290E2DF,327942EA,6290E2DF,00A7089F), ref: 00A70AD9
          Memory Dump Source
          • Source File: 00000000.00000002.1368551562.0000000000A70000.00000040.00000001.sdmp, Offset: 00A70000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_a70000_Locky.jbxd
          Similarity
          • API ID: EnumWindows
          • String ID:
          • API String ID: 1129996299-0
          • Opcode ID: f306d8679e1406462d453f3f4c4e0a9f4df506dfa9b2575759c7a32b3d0f67bc
          • Instruction ID: f8a72ce83d928208d8c90dbb434ea355e7cb859e88ae4fa01fe1efd4d9da375e
          • Opcode Fuzzy Hash: f306d8679e1406462d453f3f4c4e0a9f4df506dfa9b2575759c7a32b3d0f67bc
          • Instruction Fuzzy Hash: 71E04F31A0411CCFDF119BB8DC44B6C7B71EBE53A9F14C17AC20696084C7B44AC58711
          Uniqueness

          Uniqueness Score: -1.00%

          APIs
          • EnumWindows.USER32(00000000,FF2505AE,16D64C45,00AB0A8D,00000000,FF2505AE,00000000,6290E2DF,327942EA,6290E2DF,00AB089F), ref: 00AB0AD9
          Memory Dump Source
          • Source File: 00000000.00000002.1368598650.0000000000AB0000.00000040.00000001.sdmp, Offset: 00AB0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_ab0000_Locky.jbxd
          Similarity
          • API ID: EnumWindows
          • String ID:
          • API String ID: 1129996299-0
          • Opcode ID: f306d8679e1406462d453f3f4c4e0a9f4df506dfa9b2575759c7a32b3d0f67bc
          • Instruction ID: 055fa867df0ebed118a9bd397f225c50b59036bbba29d661dec868a63301502f
          • Opcode Fuzzy Hash: f306d8679e1406462d453f3f4c4e0a9f4df506dfa9b2575759c7a32b3d0f67bc
          • Instruction Fuzzy Hash: 5CE04F31A1411CCFDF119BB8D444BEE7B79EBA53A9F24867EC20296086D77448C59711
          Uniqueness

          Uniqueness Score: -1.00%

          APIs
          • EnumWindows.USER32(00000000,FF2505AE,16D64C45,00A90A8D,00000000,FF2505AE,00000000,6290E2DF,327942EA,6290E2DF,00A9089F), ref: 00A90AD9
          Memory Dump Source
          • Source File: 00000000.00000002.1368575368.0000000000A90000.00000040.00000001.sdmp, Offset: 00A90000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_a90000_Locky.jbxd
          Similarity
          • API ID: EnumWindows
          • String ID:
          • API String ID: 1129996299-0
          • Opcode ID: f306d8679e1406462d453f3f4c4e0a9f4df506dfa9b2575759c7a32b3d0f67bc
          • Instruction ID: 1fc20d8ca294b1c5c00a90f4a80daf936c6a569ac11ce005fb2569dbd6d8389b
          • Opcode Fuzzy Hash: f306d8679e1406462d453f3f4c4e0a9f4df506dfa9b2575759c7a32b3d0f67bc
          • Instruction Fuzzy Hash: 63E04F31B0411CCFDF519BB8D484B6C7BF1EFA53E9F14817AC20296084C77448C58751
          Uniqueness

          Uniqueness Score: -1.00%

          APIs
          • EnumWindows.USER32(00000000,FF2505AE,16D64C45,008B0A8D,00000000,FF2505AE,00000000,6290E2DF,327942EA,6290E2DF,008B089F), ref: 008B0AD9
          Memory Dump Source
          • Source File: 00000000.00000002.1367975725.00000000008B0000.00000040.00000001.sdmp, Offset: 008B0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_8b0000_Locky.jbxd
          Similarity
          • API ID: EnumWindows
          • String ID:
          • API String ID: 1129996299-0
          • Opcode ID: f306d8679e1406462d453f3f4c4e0a9f4df506dfa9b2575759c7a32b3d0f67bc
          • Instruction ID: 987f03143c617b6ed237055a65ffecf25c45070e7767053dfcf8e3f0c763eb24
          • Opcode Fuzzy Hash: f306d8679e1406462d453f3f4c4e0a9f4df506dfa9b2575759c7a32b3d0f67bc
          • Instruction Fuzzy Hash: B3E01A31A1412CCFDF219AA8D4443EF7A61FB9537EF24967AC202E6284D77448858F11
          Uniqueness

          Uniqueness Score: -1.00%

          APIs
          • EnumWindows.USER32(00000000,FF2505AE,16D64C45,00A80A8D,00000000,FF2505AE,00000000,6290E2DF,327942EA,6290E2DF,00A8089F), ref: 00A80AD9
          Memory Dump Source
          • Source File: 00000000.00000002.1368563716.0000000000A80000.00000040.00000001.sdmp, Offset: 00A80000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_a80000_Locky.jbxd
          Similarity
          • API ID: EnumWindows
          • String ID:
          • API String ID: 1129996299-0
          • Opcode ID: f306d8679e1406462d453f3f4c4e0a9f4df506dfa9b2575759c7a32b3d0f67bc
          • Instruction ID: 58956413d6efe408fd0c6a826ce7dd87722113bdfe2af93f17d38661b492fcb2
          • Opcode Fuzzy Hash: f306d8679e1406462d453f3f4c4e0a9f4df506dfa9b2575759c7a32b3d0f67bc
          • Instruction Fuzzy Hash: EEE04F32B0511CCFDF96BBB8D448B6CBB71EBA53A9F14817AC242A6084C77448C98711
          Uniqueness

          Uniqueness Score: -1.00%

          APIs
          • EnumWindows.USER32(00000000,FF2505AE,16D64C45,00AA0A8D,00000000,FF2505AE,00000000,6290E2DF,327942EA,6290E2DF,00AA089F), ref: 00AA0AD9
          Memory Dump Source
          • Source File: 00000000.00000002.1368588718.0000000000AA0000.00000040.00000001.sdmp, Offset: 00AA0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_aa0000_Locky.jbxd
          Similarity
          • API ID: EnumWindows
          • String ID:
          • API String ID: 1129996299-0
          • Opcode ID: f306d8679e1406462d453f3f4c4e0a9f4df506dfa9b2575759c7a32b3d0f67bc
          • Instruction ID: 9b60921fbfa37efec4076cbcc70bff248cbfbf13c1b94b4f371ed5831cbe8a71
          • Opcode Fuzzy Hash: f306d8679e1406462d453f3f4c4e0a9f4df506dfa9b2575759c7a32b3d0f67bc
          • Instruction Fuzzy Hash: 99E04F31A0411CCFDF119BB8D644BAC7B71EBA73A9F14817AC202970C4D77448C58721
          Uniqueness

          Uniqueness Score: -1.00%

          APIs
          • EnumWindows.USER32(00000000,FF2505AE,16D64C45,001E0A8D,00000000,FF2505AE,00000000,6290E2DF,327942EA,6290E2DF,001E089F), ref: 001E0AD9
          Memory Dump Source
          • Source File: 00000000.00000002.1367482440.00000000001E0000.00000040.00000001.sdmp, Offset: 001E0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1e0000_Locky.jbxd
          Similarity
          • API ID: EnumWindows
          • String ID:
          • API String ID: 1129996299-0
          • Opcode ID: f306d8679e1406462d453f3f4c4e0a9f4df506dfa9b2575759c7a32b3d0f67bc
          • Instruction ID: 98b6bea359a9bfb8b1beb63f4bcd736985917e049e868cf28592b2ac075b85ca
          • Opcode Fuzzy Hash: f306d8679e1406462d453f3f4c4e0a9f4df506dfa9b2575759c7a32b3d0f67bc
          • Instruction Fuzzy Hash: 5AE01A39A0459CCFDF269AAAD44436C7AA1FBD9369F15817AC20296085C7F448C58711
          Uniqueness

          Uniqueness Score: -1.00%

          APIs
          • EnumWindows.USER32(00000000,FF2505AE,16D64C45,001C0A8D,00000000,FF2505AE,00000000,6290E2DF,327942EA,6290E2DF,001C089F), ref: 001C0AD9
          Memory Dump Source
          • Source File: 00000000.00000002.1367451189.00000000001C0000.00000040.00000001.sdmp, Offset: 001C0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1c0000_Locky.jbxd
          Similarity
          • API ID: EnumWindows
          • String ID:
          • API String ID: 1129996299-0
          • Opcode ID: 303e32b0aff05ad5fb791190028560f6be3b5f520d970743ab7c95a9af3dcfa5
          • Instruction ID: 6d62d83609b69463ed370c896e05507cd8bd163bd1f35e932e3b1c4aeba1087d
          • Opcode Fuzzy Hash: 303e32b0aff05ad5fb791190028560f6be3b5f520d970743ab7c95a9af3dcfa5
          • Instruction Fuzzy Hash: 67E0EC39A0411CCEDF26DAF8D544BAD7661ABA836DF11923DC25292084D775CD858600
          Uniqueness

          Uniqueness Score: -1.00%

          APIs
          • EnumWindows.USER32(00000000,FF2505AE,16D64C45,001F0A8D,00000000,FF2505AE,00000000,6290E2DF,327942EA,6290E2DF,001F089F), ref: 001F0AD9
          Memory Dump Source
          • Source File: 00000000.00000002.1367495852.00000000001F0000.00000040.00000001.sdmp, Offset: 001F0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1f0000_Locky.jbxd
          Similarity
          • API ID: EnumWindows
          • String ID:
          • API String ID: 1129996299-0
          • Opcode ID: 303e32b0aff05ad5fb791190028560f6be3b5f520d970743ab7c95a9af3dcfa5
          • Instruction ID: ad884c30e11f8766218ea2714295646cddc376bad22938389d5fbe7ab08f167a
          • Opcode Fuzzy Hash: 303e32b0aff05ad5fb791190028560f6be3b5f520d970743ab7c95a9af3dcfa5
          • Instruction Fuzzy Hash: D5E01239B0411CCEDF26DAB9D5443BD7661EBD836DF119239C34392086D7754DC58600
          Uniqueness

          Uniqueness Score: -1.00%

          APIs
          • EnumWindows.USER32(00000000,FF2505AE,16D64C45,001D0A8D,00000000,FF2505AE,00000000,6290E2DF,327942EA,6290E2DF,001D089F), ref: 001D0AD9
          Memory Dump Source
          • Source File: 00000000.00000002.1367467557.00000000001D0000.00000040.00000001.sdmp, Offset: 001D0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1d0000_Locky.jbxd
          Similarity
          • API ID: EnumWindows
          • String ID:
          • API String ID: 1129996299-0
          • Opcode ID: 303e32b0aff05ad5fb791190028560f6be3b5f520d970743ab7c95a9af3dcfa5
          • Instruction ID: 120d25d76d5faab9302f34e750546be7c07efa42f7bb9e2b53bd0d686192cecc
          • Opcode Fuzzy Hash: 303e32b0aff05ad5fb791190028560f6be3b5f520d970743ab7c95a9af3dcfa5
          • Instruction Fuzzy Hash: E7E01239B0811CCEDF26DAB8D5443AD7661EBD936DF11933FC24392284D7754DC58601
          Uniqueness

          Uniqueness Score: -1.00%

          APIs
          • EnumWindows.USER32(00000000,FF2505AE,16D64C45,00A70A8D,00000000,FF2505AE,00000000,6290E2DF,327942EA,6290E2DF,00A7089F), ref: 00A70AD9
          Memory Dump Source
          • Source File: 00000000.00000002.1368551562.0000000000A70000.00000040.00000001.sdmp, Offset: 00A70000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_a70000_Locky.jbxd
          Similarity
          • API ID: EnumWindows
          • String ID:
          • API String ID: 1129996299-0
          • Opcode ID: 303e32b0aff05ad5fb791190028560f6be3b5f520d970743ab7c95a9af3dcfa5
          • Instruction ID: bd17856d1cf5dc5f8cf90aca662a60e01463c2fe2a37f458ed1a6bf1098b1d2e
          • Opcode Fuzzy Hash: 303e32b0aff05ad5fb791190028560f6be3b5f520d970743ab7c95a9af3dcfa5
          • Instruction Fuzzy Hash: 65E01231B0411CCEDF20DBB8D944BAD7671EBE436DF10D239C24792084D7B54EC58600
          Uniqueness

          Uniqueness Score: -1.00%

          APIs
          • EnumWindows.USER32(00000000,FF2505AE,16D64C45,00AB0A8D,00000000,FF2505AE,00000000,6290E2DF,327942EA,6290E2DF,00AB089F), ref: 00AB0AD9
          Memory Dump Source
          • Source File: 00000000.00000002.1368598650.0000000000AB0000.00000040.00000001.sdmp, Offset: 00AB0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_ab0000_Locky.jbxd
          Similarity
          • API ID: EnumWindows
          • String ID:
          • API String ID: 1129996299-0
          • Opcode ID: 303e32b0aff05ad5fb791190028560f6be3b5f520d970743ab7c95a9af3dcfa5
          • Instruction ID: de45a525f6006627945d70b0316091945aae194fb7fc2a25e04acb51bee5a097
          • Opcode Fuzzy Hash: 303e32b0aff05ad5fb791190028560f6be3b5f520d970743ab7c95a9af3dcfa5
          • Instruction Fuzzy Hash: 93E01231B1411CCEDF249BB8D544BEE7679EBE036DF20963DC24392086D77549C59600
          Uniqueness

          Uniqueness Score: -1.00%

          APIs
          • EnumWindows.USER32(00000000,FF2505AE,16D64C45,00A90A8D,00000000,FF2505AE,00000000,6290E2DF,327942EA,6290E2DF,00A9089F), ref: 00A90AD9
          Memory Dump Source
          • Source File: 00000000.00000002.1368575368.0000000000A90000.00000040.00000001.sdmp, Offset: 00A90000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_a90000_Locky.jbxd
          Similarity
          • API ID: EnumWindows
          • String ID:
          • API String ID: 1129996299-0
          • Opcode ID: 303e32b0aff05ad5fb791190028560f6be3b5f520d970743ab7c95a9af3dcfa5
          • Instruction ID: b8d93af2497880f00caadfc1b1b98b648ab6b2818874f257078b274757da3f44
          • Opcode Fuzzy Hash: 303e32b0aff05ad5fb791190028560f6be3b5f520d970743ab7c95a9af3dcfa5
          • Instruction Fuzzy Hash: ADE01231B0411CCEDF609BB8D584BBD76F1EBE03EDF109239C24392084D77549C58600
          Uniqueness

          Uniqueness Score: -1.00%

          APIs
          • EnumWindows.USER32(00000000,FF2505AE,16D64C45,008B0A8D,00000000,FF2505AE,00000000,6290E2DF,327942EA,6290E2DF,008B089F), ref: 008B0AD9
          Memory Dump Source
          • Source File: 00000000.00000002.1367975725.00000000008B0000.00000040.00000001.sdmp, Offset: 008B0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_8b0000_Locky.jbxd
          Similarity
          • API ID: EnumWindows
          • String ID:
          • API String ID: 1129996299-0
          • Opcode ID: 303e32b0aff05ad5fb791190028560f6be3b5f520d970743ab7c95a9af3dcfa5
          • Instruction ID: 110df7bdf8cc1ba2a2bb2ad338005ca9bf8b5be1c10b14a90d8932571a963838
          • Opcode Fuzzy Hash: 303e32b0aff05ad5fb791190028560f6be3b5f520d970743ab7c95a9af3dcfa5
          • Instruction Fuzzy Hash: 9BE0EC31A1411CCEDF249AB8D5443EF7661FB9037EF209639C252D2284D77549858E00
          Uniqueness

          Uniqueness Score: -1.00%

          APIs
          • EnumWindows.USER32(00000000,FF2505AE,16D64C45,00A80A8D,00000000,FF2505AE,00000000,6290E2DF,327942EA,6290E2DF,00A8089F), ref: 00A80AD9
          Memory Dump Source
          • Source File: 00000000.00000002.1368563716.0000000000A80000.00000040.00000001.sdmp, Offset: 00A80000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_a80000_Locky.jbxd
          Similarity
          • API ID: EnumWindows
          • String ID:
          • API String ID: 1129996299-0
          • Opcode ID: 303e32b0aff05ad5fb791190028560f6be3b5f520d970743ab7c95a9af3dcfa5
          • Instruction ID: 986ece9467a6bf85efdbcd20668be241d5d83aef1d44e7fa6151fe013c8fddae
          • Opcode Fuzzy Hash: 303e32b0aff05ad5fb791190028560f6be3b5f520d970743ab7c95a9af3dcfa5
          • Instruction Fuzzy Hash: F4E0EC32B0411CCEDF65BAB8D548BAD7671ABA0369F109239C28292084D77549898700
          Uniqueness

          Uniqueness Score: -1.00%

          APIs
          • EnumWindows.USER32(00000000,FF2505AE,16D64C45,00AA0A8D,00000000,FF2505AE,00000000,6290E2DF,327942EA,6290E2DF,00AA089F), ref: 00AA0AD9
          Memory Dump Source
          • Source File: 00000000.00000002.1368588718.0000000000AA0000.00000040.00000001.sdmp, Offset: 00AA0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_aa0000_Locky.jbxd
          Similarity
          • API ID: EnumWindows
          • String ID:
          • API String ID: 1129996299-0
          • Opcode ID: 303e32b0aff05ad5fb791190028560f6be3b5f520d970743ab7c95a9af3dcfa5
          • Instruction ID: f738dadc9a131e334c315112ae57874359ed0a0dc009a4d0784f3e68d7c5a288
          • Opcode Fuzzy Hash: 303e32b0aff05ad5fb791190028560f6be3b5f520d970743ab7c95a9af3dcfa5
          • Instruction Fuzzy Hash: 46E01231B0411CCEDF209BB8D644BAD7671EBE236DF109239C243930C4D77549C58620
          Uniqueness

          Uniqueness Score: -1.00%

          APIs
          • EnumWindows.USER32(00000000,FF2505AE,16D64C45,001E0A8D,00000000,FF2505AE,00000000,6290E2DF,327942EA,6290E2DF,001E089F), ref: 001E0AD9
          Memory Dump Source
          • Source File: 00000000.00000002.1367482440.00000000001E0000.00000040.00000001.sdmp, Offset: 001E0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1e0000_Locky.jbxd
          Similarity
          • API ID: EnumWindows
          • String ID:
          • API String ID: 1129996299-0
          • Opcode ID: 303e32b0aff05ad5fb791190028560f6be3b5f520d970743ab7c95a9af3dcfa5
          • Instruction ID: 1ff165f6b457afffe8b7f4e0e32e77a4d31bfac2e400a1203034b12d13cd5d1c
          • Opcode Fuzzy Hash: 303e32b0aff05ad5fb791190028560f6be3b5f520d970743ab7c95a9af3dcfa5
          • Instruction Fuzzy Hash: 27E01239B0455CCEDF26DABAD5443AD76A1FBD836DF119239C24392085D7F54DC68600
          Uniqueness

          Uniqueness Score: -1.00%

          APIs
          Memory Dump Source
          • Source File: 00000000.00000002.1367975725.00000000008B0000.00000040.00000001.sdmp, Offset: 008B0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_8b0000_Locky.jbxd
          Similarity
          • API ID: AllocGlobal
          • String ID:
          • API String ID: 3761449716-0
          • Opcode ID: aa41c34816d087effd764b78e8d9161e96e921d906659a684013b79fa3f64506
          • Instruction ID: daa0a4210af4f41364841b1188af28f9af51244bf217faa3dd3de06c83547739
          • Opcode Fuzzy Hash: aa41c34816d087effd764b78e8d9161e96e921d906659a684013b79fa3f64506
          • Instruction Fuzzy Hash: 99513671A04609AEEB2D6A78CD66FFF7E54FB94308F14853CA103E9296DA3449049E1A
          Uniqueness

          Uniqueness Score: -1.00%

          APIs
          Memory Dump Source
          • Source File: 00000000.00000002.1368588718.0000000000AA0000.00000040.00000001.sdmp, Offset: 00AA0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_aa0000_Locky.jbxd
          Similarity
          • API ID: AllocGlobal
          • String ID:
          • API String ID: 3761449716-0
          • Opcode ID: aa41c34816d087effd764b78e8d9161e96e921d906659a684013b79fa3f64506
          • Instruction ID: 3a1fa7c7ce110d72da31757309a83246ac59d7698bdce92c0cdde6997e50db78
          • Opcode Fuzzy Hash: aa41c34816d087effd764b78e8d9161e96e921d906659a684013b79fa3f64506
          • Instruction Fuzzy Hash: 4B515972E14206AFEB1D6F78CE66F7E7E64EB9A300F10853CE103A70D6DB3449088A15
          Uniqueness

          Uniqueness Score: -1.00%

          APIs
          Memory Dump Source
          • Source File: 00000000.00000002.1367975725.00000000008B0000.00000040.00000001.sdmp, Offset: 008B0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_8b0000_Locky.jbxd
          Similarity
          • API ID: AllocGlobal
          • String ID:
          • API String ID: 3761449716-0
          • Opcode ID: ae5b13e3ba68312dcf867a57d7e57729420221dded57e4ba13b11bd706309df1
          • Instruction ID: 12b4347c8e0a1a4a7f9d7d25228d747fe04cbd8217ed9a053c059af8cfb24025
          • Opcode Fuzzy Hash: ae5b13e3ba68312dcf867a57d7e57729420221dded57e4ba13b11bd706309df1
          • Instruction Fuzzy Hash: 6E412A61E04609AEEB2D6A78CD66BFF7E54FB80308F149538E103F9692DA3445049E5A
          Uniqueness

          Uniqueness Score: -1.00%

          APIs
          Memory Dump Source
          • Source File: 00000000.00000002.1368588718.0000000000AA0000.00000040.00000001.sdmp, Offset: 00AA0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_aa0000_Locky.jbxd
          Similarity
          • API ID: AllocGlobal
          • String ID:
          • API String ID: 3761449716-0
          • Opcode ID: ae5b13e3ba68312dcf867a57d7e57729420221dded57e4ba13b11bd706309df1
          • Instruction ID: 3f7026ff563ac60693421b6f3758af44ca2fe0dff7a1db710a23b1bbb99032e6
          • Opcode Fuzzy Hash: ae5b13e3ba68312dcf867a57d7e57729420221dded57e4ba13b11bd706309df1
          • Instruction Fuzzy Hash: 1A412972E14106AFEB1D6BB8CE66F7E7E65EB86300F14D43DE103A70C2DB3549049A55
          Uniqueness

          Uniqueness Score: -1.00%

          APIs
          Memory Dump Source
          • Source File: 00000000.00000002.1367451189.00000000001C0000.00000040.00000001.sdmp, Offset: 001C0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1c0000_Locky.jbxd
          Similarity
          • API ID: Sleep
          • String ID:
          • API String ID: 3472027048-0
          • Opcode ID: 898b2093c72ef551bff4e442e1787a7db92ae5d73ef154c39c030328052b379c
          • Instruction ID: 6eb55fd987fd53964342215f37fb546398d2faed0ec9146731429995660f676a
          • Opcode Fuzzy Hash: 898b2093c72ef551bff4e442e1787a7db92ae5d73ef154c39c030328052b379c
          • Instruction Fuzzy Hash: 2531C021B286119FE64E7AB8CD66F3D6A45EBB8700F156A3CF247D609ACB7CCA044115
          Uniqueness

          Uniqueness Score: -1.00%

          APIs
          Memory Dump Source
          • Source File: 00000000.00000002.1367495852.00000000001F0000.00000040.00000001.sdmp, Offset: 001F0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1f0000_Locky.jbxd
          Similarity
          • API ID: Sleep
          • String ID:
          • API String ID: 3472027048-0
          • Opcode ID: 898b2093c72ef551bff4e442e1787a7db92ae5d73ef154c39c030328052b379c
          • Instruction ID: 68e5e69d22cfa797d651410630af118f1a8b7a7f39678af211328033f3c367b2
          • Opcode Fuzzy Hash: 898b2093c72ef551bff4e442e1787a7db92ae5d73ef154c39c030328052b379c
          • Instruction Fuzzy Hash: 24310261B246099EE74EBE78CD66F3D7985EBA8300F11493CF347DA0DBCB788A044115
          Uniqueness

          Uniqueness Score: -1.00%

          APIs
          Memory Dump Source
          • Source File: 00000000.00000002.1367467557.00000000001D0000.00000040.00000001.sdmp, Offset: 001D0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1d0000_Locky.jbxd
          Similarity
          • API ID: Sleep
          • String ID:
          • API String ID: 3472027048-0
          • Opcode ID: 898b2093c72ef551bff4e442e1787a7db92ae5d73ef154c39c030328052b379c
          • Instruction ID: b4da2e126dea16c4bcfb293b48e21c078b24eb77f23d251baf5f9d465462193a
          • Opcode Fuzzy Hash: 898b2093c72ef551bff4e442e1787a7db92ae5d73ef154c39c030328052b379c
          • Instruction Fuzzy Hash: AE31F121B28601ADE64E7E78CD66F3D6945EBBC300F11493EF297D62DACB7C8A048115
          Uniqueness

          Uniqueness Score: -1.00%

          APIs
          Memory Dump Source
          • Source File: 00000000.00000002.1368551562.0000000000A70000.00000040.00000001.sdmp, Offset: 00A70000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_a70000_Locky.jbxd
          Similarity
          • API ID: Sleep
          • String ID:
          • API String ID: 3472027048-0
          • Opcode ID: 898b2093c72ef551bff4e442e1787a7db92ae5d73ef154c39c030328052b379c
          • Instruction ID: 149554faf80574765c6f1978b334fcdf3cb3821efd4c5cfa6e4a9ef4e65718e9
          • Opcode Fuzzy Hash: 898b2093c72ef551bff4e442e1787a7db92ae5d73ef154c39c030328052b379c
          • Instruction Fuzzy Hash: 5731E021B28601AEEA5E7E78CE66F3E7955EB94700F14D93CB24FDA0DBC97889044315
          Uniqueness

          Uniqueness Score: -1.00%

          APIs
          Memory Dump Source
          • Source File: 00000000.00000002.1368598650.0000000000AB0000.00000040.00000001.sdmp, Offset: 00AB0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_ab0000_Locky.jbxd
          Similarity
          • API ID: Sleep
          • String ID:
          • API String ID: 3472027048-0
          • Opcode ID: 898b2093c72ef551bff4e442e1787a7db92ae5d73ef154c39c030328052b379c
          • Instruction ID: 6d96578fd3c3de4a2ce4550310cbab30ff13fdc7719d839422c54ef76e170b82
          • Opcode Fuzzy Hash: 898b2093c72ef551bff4e442e1787a7db92ae5d73ef154c39c030328052b379c
          • Instruction Fuzzy Hash: 9C310031B286019EEA4E7F78CE66FBE7D9DEB95300F00593DB247DA4DBC92889044306
          Uniqueness

          Uniqueness Score: -1.00%

          APIs
          Memory Dump Source
          • Source File: 00000000.00000002.1368575368.0000000000A90000.00000040.00000001.sdmp, Offset: 00A90000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_a90000_Locky.jbxd
          Similarity
          • API ID: Sleep
          • String ID:
          • API String ID: 3472027048-0
          • Opcode ID: 898b2093c72ef551bff4e442e1787a7db92ae5d73ef154c39c030328052b379c
          • Instruction ID: 2351e5fcb78764148d3a3595f12df33f125e3c4a7584e8edf6da0a1db67cec00
          • Opcode Fuzzy Hash: 898b2093c72ef551bff4e442e1787a7db92ae5d73ef154c39c030328052b379c
          • Instruction Fuzzy Hash: D431FD21B28611BEEE4E7E7CCEA6F3E79D5EBD4340F00593CB247DA0DAC92889044205
          Uniqueness

          Uniqueness Score: -1.00%

          APIs
          Memory Dump Source
          • Source File: 00000000.00000002.1367975725.00000000008B0000.00000040.00000001.sdmp, Offset: 008B0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_8b0000_Locky.jbxd
          Similarity
          • API ID: Sleep
          • String ID:
          • API String ID: 3472027048-0
          • Opcode ID: 898b2093c72ef551bff4e442e1787a7db92ae5d73ef154c39c030328052b379c
          • Instruction ID: 066ec6210b3c616e207680ffb9a118859329f72b0b04256788cfc81f673653b1
          • Opcode Fuzzy Hash: 898b2093c72ef551bff4e442e1787a7db92ae5d73ef154c39c030328052b379c
          • Instruction Fuzzy Hash: EB310221B286159DE64E7E7CCD76FBE7985FB98300F044A3CB247DA7EBC92C89045606
          Uniqueness

          Uniqueness Score: -1.00%

          APIs
          Memory Dump Source
          • Source File: 00000000.00000002.1368563716.0000000000A80000.00000040.00000001.sdmp, Offset: 00A80000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_a80000_Locky.jbxd
          Similarity
          • API ID: Sleep
          • String ID:
          • API String ID: 3472027048-0
          • Opcode ID: 898b2093c72ef551bff4e442e1787a7db92ae5d73ef154c39c030328052b379c
          • Instruction ID: 2b073d72b134d001ddba20b769d7de290abb3198ca15bae53c259e36182f8d49
          • Opcode Fuzzy Hash: 898b2093c72ef551bff4e442e1787a7db92ae5d73ef154c39c030328052b379c
          • Instruction Fuzzy Hash: CD31F372B246019DEB9E7F78CE76F3E7955EB94700F14593CB247DA0DAC93889084315
          Uniqueness

          Uniqueness Score: -1.00%

          APIs
          Memory Dump Source
          • Source File: 00000000.00000002.1368588718.0000000000AA0000.00000040.00000001.sdmp, Offset: 00AA0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_aa0000_Locky.jbxd
          Similarity
          • API ID: Sleep
          • String ID:
          • API String ID: 3472027048-0
          • Opcode ID: 898b2093c72ef551bff4e442e1787a7db92ae5d73ef154c39c030328052b379c
          • Instruction ID: a1fd7c07ad272dd802433c9ba7e9c1f3f1de3cbadc866d5ec76935cd17786162
          • Opcode Fuzzy Hash: 898b2093c72ef551bff4e442e1787a7db92ae5d73ef154c39c030328052b379c
          • Instruction Fuzzy Hash: 72310421B246019EEA4D7F7CCE66F3EB955EB97300F00593CB247DB0DACB2889184315
          Uniqueness

          Uniqueness Score: -1.00%

          APIs
          Memory Dump Source
          • Source File: 00000000.00000002.1367482440.00000000001E0000.00000040.00000001.sdmp, Offset: 001E0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1e0000_Locky.jbxd
          Similarity
          • API ID: Sleep
          • String ID:
          • API String ID: 3472027048-0
          • Opcode ID: 898b2093c72ef551bff4e442e1787a7db92ae5d73ef154c39c030328052b379c
          • Instruction ID: 9efc80c12d0ceee901d2cb15bace3db2b289bbaf99bcdb41ff0bdec110b274bc
          • Opcode Fuzzy Hash: 898b2093c72ef551bff4e442e1787a7db92ae5d73ef154c39c030328052b379c
          • Instruction Fuzzy Hash: E5312421B14E819EE60E7E7ACD76F3DB949EBA8300F10493CF247D60DACBB88A444615
          Uniqueness

          Uniqueness Score: -1.00%

          Memory Dump Source
          • Source File: 00000000.00000002.1368575368.0000000000A90000.00000040.00000001.sdmp, Offset: 00A90000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_a90000_Locky.jbxd
          Similarity
          • API ID: FreeGlobal
          • String ID:
          • API String ID: 2979337801-0
          • Opcode ID: 7d96984aef991ba2c00d6622099d9d4adef357b132f917de39ee115001113cf0
          • Instruction ID: cd353e4a843be52d5843d72f6721aa036646f38d17de9829f286f2a95f0e2533
          • Opcode Fuzzy Hash: 7d96984aef991ba2c00d6622099d9d4adef357b132f917de39ee115001113cf0
          • Instruction Fuzzy Hash: 70314672B14205AEEF1E2B78CE66F3E7EE5EBD03C0F15C438E103A9096D93449449A55
          Uniqueness

          Uniqueness Score: -1.00%

          Memory Dump Source
          • Source File: 00000000.00000002.1368575368.0000000000A90000.00000040.00000001.sdmp, Offset: 00A90000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_a90000_Locky.jbxd
          Similarity
          • API ID: FreeGlobal
          • String ID:
          • API String ID: 2979337801-0
          • Opcode ID: 242e983b1d3b3d717b816efc3d574f13fb3b03877ced543eb43e9f15b90906eb
          • Instruction ID: 1efc6b5a90b3f4ab3b3fbe7c21a42bd70c9d7bb00bf696a8d2cd6416506bad23
          • Opcode Fuzzy Hash: 242e983b1d3b3d717b816efc3d574f13fb3b03877ced543eb43e9f15b90906eb
          • Instruction Fuzzy Hash: 3E312672B14205AEEF1E6B78CE66F3E7AE5EBD03C0F15C43CE103AA096D93449449A55
          Uniqueness

          Uniqueness Score: -1.00%

          Memory Dump Source
          • Source File: 00000000.00000002.1368575368.0000000000A90000.00000040.00000001.sdmp, Offset: 00A90000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_a90000_Locky.jbxd
          Similarity
          • API ID: FreeGlobal
          • String ID:
          • API String ID: 2979337801-0
          • Opcode ID: 9e1a008463e1d6c089ec067d11ac609fe80784caba6365a1e0fbea61d75dcfef
          • Instruction ID: 5f7aaaab51c05cf21734fbf4d2a548c8a1faa73a3ad04dc3aa92df82ede7e1f5
          • Opcode Fuzzy Hash: 9e1a008463e1d6c089ec067d11ac609fe80784caba6365a1e0fbea61d75dcfef
          • Instruction Fuzzy Hash: 36312472B14205AEEF5E6B78CE66F3E7AE4EB903C0F15C538E143AA096D9344A048A55
          Uniqueness

          Uniqueness Score: -1.00%

          Memory Dump Source
          • Source File: 00000000.00000002.1368575368.0000000000A90000.00000040.00000001.sdmp, Offset: 00A90000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_a90000_Locky.jbxd
          Similarity
          • API ID: FreeGlobal
          • String ID:
          • API String ID: 2979337801-0
          • Opcode ID: ecf4bcc3757c591175355b2941fb2a5490f292a7a3d1a9b3df55e5448ef4b79f
          • Instruction ID: d08fe6523a85ac75b37fc1e4ab3d617f55d21069f22e1db0c0dbd8b14c0a55c9
          • Opcode Fuzzy Hash: ecf4bcc3757c591175355b2941fb2a5490f292a7a3d1a9b3df55e5448ef4b79f
          • Instruction Fuzzy Hash: CA316872B04205AEEF1D6B7CCE66F3E7AE4EBD03C0F15C43CE103A9096D9344A048A49
          Uniqueness

          Uniqueness Score: -1.00%

          Memory Dump Source
          • Source File: 00000000.00000002.1368575368.0000000000A90000.00000040.00000001.sdmp, Offset: 00A90000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_a90000_Locky.jbxd
          Similarity
          • API ID: FreeGlobal
          • String ID:
          • API String ID: 2979337801-0
          • Opcode ID: 9d0cbc147539a91f505409f4ed4add0d53bb13aab9542671369447e8c11aa720
          • Instruction ID: 4cb354137ea75b1cf4df4e98f8eceb1c650f4653ea8c85be72ebd7b3dc942b32
          • Opcode Fuzzy Hash: 9d0cbc147539a91f505409f4ed4add0d53bb13aab9542671369447e8c11aa720
          • Instruction Fuzzy Hash: 23314872B14205AEEF5D6B7CCE66F3E7AE4DBD03C0F05C53CE1035A096D93449048A59
          Uniqueness

          Uniqueness Score: -1.00%

          Memory Dump Source
          • Source File: 00000000.00000002.1367451189.00000000001C0000.00000040.00000001.sdmp, Offset: 001C0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1c0000_Locky.jbxd
          Similarity
          • API ID: Sleep
          • String ID:
          • API String ID: 3472027048-0
          • Opcode ID: def5b3e75c616d8ac4a9b6af426dd922a3db7102d11c4dcee0e5998807ed7815
          • Instruction ID: 4bb9382a4261be747958f3c87520be50509f05015db253c6b46cec3aed6ec022
          • Opcode Fuzzy Hash: def5b3e75c616d8ac4a9b6af426dd922a3db7102d11c4dcee0e5998807ed7815
          • Instruction Fuzzy Hash: 0621F321B28611AFEB1E7AB8CD66F3D6A45EBB8700F11693CF147D60DADB7CCA044105
          Uniqueness

          Uniqueness Score: -1.00%

          Memory Dump Source
          • Source File: 00000000.00000002.1367495852.00000000001F0000.00000040.00000001.sdmp, Offset: 001F0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1f0000_Locky.jbxd
          Similarity
          • API ID: Sleep
          • String ID:
          • API String ID: 3472027048-0
          • Opcode ID: def5b3e75c616d8ac4a9b6af426dd922a3db7102d11c4dcee0e5998807ed7815
          • Instruction ID: a69d73a23d3199121a50a3e97ccf2122025e12bb3c149238d55b5945b32b69fb
          • Opcode Fuzzy Hash: def5b3e75c616d8ac4a9b6af426dd922a3db7102d11c4dcee0e5998807ed7815
          • Instruction Fuzzy Hash: 6521E4A1B14619ADE71EBA78CD66F3D6945EBA8700F10593CF347DA0DBDFB889044101
          Uniqueness

          Uniqueness Score: -1.00%

          Memory Dump Source
          • Source File: 00000000.00000002.1367467557.00000000001D0000.00000040.00000001.sdmp, Offset: 001D0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1d0000_Locky.jbxd
          Similarity
          • API ID: Sleep
          • String ID:
          • API String ID: 3472027048-0
          • Opcode ID: def5b3e75c616d8ac4a9b6af426dd922a3db7102d11c4dcee0e5998807ed7815
          • Instruction ID: c5892ba2aacc23624319c33d6e27f8412e8e29cb844c6d43b5394839339b6630
          • Opcode Fuzzy Hash: def5b3e75c616d8ac4a9b6af426dd922a3db7102d11c4dcee0e5998807ed7815
          • Instruction Fuzzy Hash: 39212321B28601ADEB0E7A78CD66F3DAA45EBBC300F10593EF557D62DACB7C8A044101
          Uniqueness

          Uniqueness Score: -1.00%

          Memory Dump Source
          • Source File: 00000000.00000002.1368551562.0000000000A70000.00000040.00000001.sdmp, Offset: 00A70000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_a70000_Locky.jbxd
          Similarity
          • API ID: Sleep
          • String ID:
          • API String ID: 3472027048-0
          • Opcode ID: def5b3e75c616d8ac4a9b6af426dd922a3db7102d11c4dcee0e5998807ed7815
          • Instruction ID: c6cebf10e6319bfa87b83b725fe43d0ad2659b753ea9478509944ebd17346adc
          • Opcode Fuzzy Hash: def5b3e75c616d8ac4a9b6af426dd922a3db7102d11c4dcee0e5998807ed7815
          • Instruction Fuzzy Hash: 0721F131B28611ADEB5E7B78CE66F3E7955EB94700F10D93CB14FDA0DAD97889044305
          Uniqueness

          Uniqueness Score: -1.00%

          Memory Dump Source
          • Source File: 00000000.00000002.1368575368.0000000000A90000.00000040.00000001.sdmp, Offset: 00A90000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_a90000_Locky.jbxd
          Similarity
          • API ID: Sleep
          • String ID:
          • API String ID: 3472027048-0
          • Opcode ID: def5b3e75c616d8ac4a9b6af426dd922a3db7102d11c4dcee0e5998807ed7815
          • Instruction ID: 3e8c4e17428e49ede369e0ea427839de6ca109c4cb6ee11df86327ae9bfab165
          • Opcode Fuzzy Hash: def5b3e75c616d8ac4a9b6af426dd922a3db7102d11c4dcee0e5998807ed7815
          • Instruction Fuzzy Hash: 3221EC22B28611BEEE5E7B78CE66F3E7AD5EBD4740F10593CB147DA0DAD92889044341
          Uniqueness

          Uniqueness Score: -1.00%

          Memory Dump Source
          • Source File: 00000000.00000002.1367975725.00000000008B0000.00000040.00000001.sdmp, Offset: 008B0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_8b0000_Locky.jbxd
          Similarity
          • API ID: Sleep
          • String ID:
          • API String ID: 3472027048-0
          • Opcode ID: def5b3e75c616d8ac4a9b6af426dd922a3db7102d11c4dcee0e5998807ed7815
          • Instruction ID: 9a43649f50ae2c74bc729fd495d0427f1a041f867eb40163b52fa53b0cc3e513
          • Opcode Fuzzy Hash: def5b3e75c616d8ac4a9b6af426dd922a3db7102d11c4dcee0e5998807ed7815
          • Instruction Fuzzy Hash: 5C212321B286156DEB0E7E7CCD66FBE6985FB98300F045A3CB147DA7EBC92C89044646
          Uniqueness

          Uniqueness Score: -1.00%

          Memory Dump Source
          • Source File: 00000000.00000002.1368563716.0000000000A80000.00000040.00000001.sdmp, Offset: 00A80000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_a80000_Locky.jbxd
          Similarity
          • API ID: Sleep
          • String ID:
          • API String ID: 3472027048-0
          • Opcode ID: def5b3e75c616d8ac4a9b6af426dd922a3db7102d11c4dcee0e5998807ed7815
          • Instruction ID: 6f1e19a6e20affeb8391cd10e8f2d3097da7d58cc4e5790922154a9ff2e4c4fc
          • Opcode Fuzzy Hash: def5b3e75c616d8ac4a9b6af426dd922a3db7102d11c4dcee0e5998807ed7815
          • Instruction Fuzzy Hash: D7213272B28A01ADEB8E7F78CE76F3E7955EB94300F00593CB147DA0DAC93889084351
          Uniqueness

          Uniqueness Score: -1.00%

          Memory Dump Source
          • Source File: 00000000.00000002.1368588718.0000000000AA0000.00000040.00000001.sdmp, Offset: 00AA0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_aa0000_Locky.jbxd
          Similarity
          • API ID: Sleep
          • String ID:
          • API String ID: 3472027048-0
          • Opcode ID: def5b3e75c616d8ac4a9b6af426dd922a3db7102d11c4dcee0e5998807ed7815
          • Instruction ID: 1df79537a59b386fb5d17f11070548ff3fe92e7f6f0332d84c7538d580449381
          • Opcode Fuzzy Hash: def5b3e75c616d8ac4a9b6af426dd922a3db7102d11c4dcee0e5998807ed7815
          • Instruction Fuzzy Hash: 48210121B286016EEA4D7F7CCE66F3EA955EB9B300F00593CB147DB0DADB2889144311
          Uniqueness

          Uniqueness Score: -1.00%

          Memory Dump Source
          • Source File: 00000000.00000002.1367482440.00000000001E0000.00000040.00000001.sdmp, Offset: 001E0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1e0000_Locky.jbxd
          Similarity
          • API ID: Sleep
          • String ID:
          • API String ID: 3472027048-0
          • Opcode ID: def5b3e75c616d8ac4a9b6af426dd922a3db7102d11c4dcee0e5998807ed7815
          • Instruction ID: e64a57e38f248bad3a3baa13ed33fc2315825292aa95e68beb8bbab1ab492afa
          • Opcode Fuzzy Hash: def5b3e75c616d8ac4a9b6af426dd922a3db7102d11c4dcee0e5998807ed7815
          • Instruction Fuzzy Hash: 51212621B14E81ADE70E7B7ACD76F3DA949EBA8300F10593CF147D60DACBB889444651
          Uniqueness

          Uniqueness Score: -1.00%

          APIs
          Memory Dump Source
          • Source File: 00000000.00000002.1368575368.0000000000A90000.00000040.00000001.sdmp, Offset: 00A90000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_a90000_Locky.jbxd
          Similarity
          • API ID: FreeGlobal
          • String ID:
          • API String ID: 2979337801-0
          • Opcode ID: ec9d4cd37018a0548bae590ac62436657a8c8dc97c69b0e36f8915efa27c01d6
          • Instruction ID: 260dd348841bf081e4d781f8f33447dd51b158fa2417b20745ec48436507c090
          • Opcode Fuzzy Hash: ec9d4cd37018a0548bae590ac62436657a8c8dc97c69b0e36f8915efa27c01d6
          • Instruction Fuzzy Hash: 29214672B14205AEEF5E3A7CCE62F3E7AD4DF903C0F05C93CE4439A096D93489048A59
          Uniqueness

          Uniqueness Score: -1.00%

          APIs
          Memory Dump Source
          • Source File: 00000000.00000002.1368575368.0000000000A90000.00000040.00000001.sdmp, Offset: 00A90000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_a90000_Locky.jbxd
          Similarity
          • API ID: FreeGlobal
          • String ID:
          • API String ID: 2979337801-0
          • Opcode ID: 711a299f1d6fc25425cae964c2043742440614cfa6f9e7dde393478363474f3e
          • Instruction ID: f0d96dd8ddb5fd59b52ba3393e22ed09dd4a72bd72a9164e005a1fc9ff8568b1
          • Opcode Fuzzy Hash: 711a299f1d6fc25425cae964c2043742440614cfa6f9e7dde393478363474f3e
          • Instruction Fuzzy Hash: 9B214572B14600AEEF4E7A7CCE62F3E7AD0DFD0380F01C93CE0439A086D93889044A45
          Uniqueness

          Uniqueness Score: -1.00%

          APIs
          Memory Dump Source
          • Source File: 00000000.00000002.1367451189.00000000001C0000.00000040.00000001.sdmp, Offset: 001C0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1c0000_Locky.jbxd
          Similarity
          • API ID: Sleep
          • String ID:
          • API String ID: 3472027048-0
          • Opcode ID: 814a007ed9d00f088cb2b84552fa877b7c782b4f2b782de20201e5706d7e4e6b
          • Instruction ID: dc1cc72e47cbbb210123ca8a5c1c6cf42a084101ac7763172604a639d2ce66e4
          • Opcode Fuzzy Hash: 814a007ed9d00f088cb2b84552fa877b7c782b4f2b782de20201e5706d7e4e6b
          • Instruction Fuzzy Hash: F721D021B28611DFEB5E7AB8CD66F3D7A45EBB8700F116A3CF147D649ACB78CA044106
          Uniqueness

          Uniqueness Score: -1.00%

          APIs
          Memory Dump Source
          • Source File: 00000000.00000002.1367495852.00000000001F0000.00000040.00000001.sdmp, Offset: 001F0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1f0000_Locky.jbxd
          Similarity
          • API ID: Sleep
          • String ID:
          • API String ID: 3472027048-0
          • Opcode ID: 814a007ed9d00f088cb2b84552fa877b7c782b4f2b782de20201e5706d7e4e6b
          • Instruction ID: d69d922686795437f8b962215df56080b6c0a6e4db7595318cc7a97dd632146a
          • Opcode Fuzzy Hash: 814a007ed9d00f088cb2b84552fa877b7c782b4f2b782de20201e5706d7e4e6b
          • Instruction Fuzzy Hash: 83212561B286099EEB1EBE78CD66F3DB985EBA8300F11593CF343DA0D7CB788A044105
          Uniqueness

          Uniqueness Score: -1.00%

          APIs
          Memory Dump Source
          • Source File: 00000000.00000002.1367467557.00000000001D0000.00000040.00000001.sdmp, Offset: 001D0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1d0000_Locky.jbxd
          Similarity
          • API ID: Sleep
          • String ID:
          • API String ID: 3472027048-0
          • Opcode ID: 814a007ed9d00f088cb2b84552fa877b7c782b4f2b782de20201e5706d7e4e6b
          • Instruction ID: fd09ea91985a79c5e86f576cd505acdc6438080b242e7fbf8e769a255d2505a3
          • Opcode Fuzzy Hash: 814a007ed9d00f088cb2b84552fa877b7c782b4f2b782de20201e5706d7e4e6b
          • Instruction Fuzzy Hash: 9A210021B28601AEEB1E7A7CCD66F3DB945EBBC300F11593EF553D629ACB3C8A048105
          Uniqueness

          Uniqueness Score: -1.00%

          APIs
          Memory Dump Source
          • Source File: 00000000.00000002.1368551562.0000000000A70000.00000040.00000001.sdmp, Offset: 00A70000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_a70000_Locky.jbxd
          Similarity
          • API ID: Sleep
          • String ID:
          • API String ID: 3472027048-0
          • Opcode ID: 814a007ed9d00f088cb2b84552fa877b7c782b4f2b782de20201e5706d7e4e6b
          • Instruction ID: d007ac655b505d6250d76983fe0965fb485b92e57fa6db736b94957e2a1fabbd
          • Opcode Fuzzy Hash: 814a007ed9d00f088cb2b84552fa877b7c782b4f2b782de20201e5706d7e4e6b
          • Instruction Fuzzy Hash: E321FF31B286119EEB5E7F78CE66F3EB955EB94300F10D93CB14FDA4DAC97889044205
          Uniqueness

          Uniqueness Score: -1.00%

          APIs
          Memory Dump Source
          • Source File: 00000000.00000002.1368598650.0000000000AB0000.00000040.00000001.sdmp, Offset: 00AB0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_ab0000_Locky.jbxd
          Similarity
          • API ID: Sleep
          • String ID:
          • API String ID: 3472027048-0
          • Opcode ID: 814a007ed9d00f088cb2b84552fa877b7c782b4f2b782de20201e5706d7e4e6b
          • Instruction ID: 423362b69ebfa1183f74c9c8b2f7d1f665a75393f32c5dae02b6dd750f4d7030
          • Opcode Fuzzy Hash: 814a007ed9d00f088cb2b84552fa877b7c782b4f2b782de20201e5706d7e4e6b
          • Instruction Fuzzy Hash: F821D031A286119EEB5E7F78CE66FBE7D9DEB94300F10593DA147DA8DBC92889044206
          Uniqueness

          Uniqueness Score: -1.00%

          APIs
          Memory Dump Source
          • Source File: 00000000.00000002.1368575368.0000000000A90000.00000040.00000001.sdmp, Offset: 00A90000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_a90000_Locky.jbxd
          Similarity
          • API ID: Sleep
          • String ID:
          • API String ID: 3472027048-0
          • Opcode ID: 814a007ed9d00f088cb2b84552fa877b7c782b4f2b782de20201e5706d7e4e6b
          • Instruction ID: 6a2ea7522862cc7fa874f408ce212d15b0f8299af0ecd3654350244969786c94
          • Opcode Fuzzy Hash: 814a007ed9d00f088cb2b84552fa877b7c782b4f2b782de20201e5706d7e4e6b
          • Instruction Fuzzy Hash: B9210E32B28611BEEF5E7B7CCE66F3EB9D5EBD4340F10593CA543DA09AD92889044205
          Uniqueness

          Uniqueness Score: -1.00%

          APIs
          Memory Dump Source
          • Source File: 00000000.00000002.1367975725.00000000008B0000.00000040.00000001.sdmp, Offset: 008B0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_8b0000_Locky.jbxd
          Similarity
          • API ID: Sleep
          • String ID:
          • API String ID: 3472027048-0
          • Opcode ID: 814a007ed9d00f088cb2b84552fa877b7c782b4f2b782de20201e5706d7e4e6b
          • Instruction ID: 0e50929e6ceb059e038aa82bd73472a091e3ffe1b1b57d46281c921004158bf8
          • Opcode Fuzzy Hash: 814a007ed9d00f088cb2b84552fa877b7c782b4f2b782de20201e5706d7e4e6b
          • Instruction Fuzzy Hash: 0B214521B286159DEB0E7E7CCD66FBE7981FB98300F000A3CB143CA7EBC9288904450A
          Uniqueness

          Uniqueness Score: -1.00%

          APIs
          Memory Dump Source
          • Source File: 00000000.00000002.1368563716.0000000000A80000.00000040.00000001.sdmp, Offset: 00A80000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_a80000_Locky.jbxd
          Similarity
          • API ID: Sleep
          • String ID:
          • API String ID: 3472027048-0
          • Opcode ID: 814a007ed9d00f088cb2b84552fa877b7c782b4f2b782de20201e5706d7e4e6b
          • Instruction ID: 37fafc183b4db69dc450760a5869fbb9ba8e52109d74162e19b7a463cb4497c1
          • Opcode Fuzzy Hash: 814a007ed9d00f088cb2b84552fa877b7c782b4f2b782de20201e5706d7e4e6b
          • Instruction Fuzzy Hash: 7C21FF32B28A119EEB9E7F78CE76F3DB955EB94300F10593CB147DA4DAC93889184315
          Uniqueness

          Uniqueness Score: -1.00%

          APIs
          Memory Dump Source
          • Source File: 00000000.00000002.1368588718.0000000000AA0000.00000040.00000001.sdmp, Offset: 00AA0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_aa0000_Locky.jbxd
          Similarity
          • API ID: Sleep
          • String ID:
          • API String ID: 3472027048-0
          • Opcode ID: 814a007ed9d00f088cb2b84552fa877b7c782b4f2b782de20201e5706d7e4e6b
          • Instruction ID: 02a28457021616fafaf91cbc1ac604b34d21d24ed03752739832e692b3bc4fb1
          • Opcode Fuzzy Hash: 814a007ed9d00f088cb2b84552fa877b7c782b4f2b782de20201e5706d7e4e6b
          • Instruction Fuzzy Hash: 39210031A286019EEB5E7F7CCE66F3EB955EB9B300F10593CB143DB4DACB2889184215
          Uniqueness

          Uniqueness Score: -1.00%

          APIs
          Memory Dump Source
          • Source File: 00000000.00000002.1367482440.00000000001E0000.00000040.00000001.sdmp, Offset: 001E0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1e0000_Locky.jbxd
          Similarity
          • API ID: Sleep
          • String ID:
          • API String ID: 3472027048-0
          • Opcode ID: 814a007ed9d00f088cb2b84552fa877b7c782b4f2b782de20201e5706d7e4e6b
          • Instruction ID: a0fd14da6be021d5fd23fcce533bcb641988d54dc19a9dcb656d9e527b371d4c
          • Opcode Fuzzy Hash: 814a007ed9d00f088cb2b84552fa877b7c782b4f2b782de20201e5706d7e4e6b
          • Instruction Fuzzy Hash: BA210321B28E819DEB1E7B7ACD76F3DB949EBA8300F11593CF143D60D6CBB88A444515
          Uniqueness

          Uniqueness Score: -1.00%

          Memory Dump Source
          • Source File: 00000000.00000002.1368575368.0000000000A90000.00000040.00000001.sdmp, Offset: 00A90000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_a90000_Locky.jbxd
          Similarity
          • API ID: FreeGlobal
          • String ID:
          • API String ID: 2979337801-0
          • Opcode ID: c80b6534199e51e53d530ab20f00f87f2df0f4f7ef7f2b45204612e7284cb14b
          • Instruction ID: 55d338c5a0a4ffaaead42c6c65c07b18f05975a33ab0d608a5c54b2ad472fd82
          • Opcode Fuzzy Hash: c80b6534199e51e53d530ab20f00f87f2df0f4f7ef7f2b45204612e7284cb14b
          • Instruction Fuzzy Hash: AF01D2A2F14611AEEF1E7A7CDE62F3D7AE0DB80780F11D93CE442A6086DD298A054A55
          Uniqueness

          Uniqueness Score: -1.00%

          APIs
          Memory Dump Source
          • Source File: 00000000.00000002.1367451189.00000000001C0000.00000040.00000001.sdmp, Offset: 001C0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1c0000_Locky.jbxd
          Similarity
          • API ID: Sleep
          • String ID:
          • API String ID: 3472027048-0
          • Opcode ID: 70940219a3743aeb59f8a5823e4dacd3235db1b1313238fc0ab602d916aed208
          • Instruction ID: 437130428d9814d99d24a58a99d5c6ca8ab3bb1c509bc70494991023ea43d6ba
          • Opcode Fuzzy Hash: 70940219a3743aeb59f8a5823e4dacd3235db1b1313238fc0ab602d916aed208
          • Instruction Fuzzy Hash: A101F521E286119FEB1E7BB8CD66F3C7A41EBB8700F11193CE247D50D6DB78C9044545
          Uniqueness

          Uniqueness Score: -1.00%

          APIs
          Memory Dump Source
          • Source File: 00000000.00000002.1367495852.00000000001F0000.00000040.00000001.sdmp, Offset: 001F0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1f0000_Locky.jbxd
          Similarity
          • API ID: Sleep
          • String ID:
          • API String ID: 3472027048-0
          • Opcode ID: 70940219a3743aeb59f8a5823e4dacd3235db1b1313238fc0ab602d916aed208
          • Instruction ID: aef446150ec83dc74e6d7cdabd5c98217e98f3f33d5dde700414429738ca7867
          • Opcode Fuzzy Hash: 70940219a3743aeb59f8a5823e4dacd3235db1b1313238fc0ab602d916aed208
          • Instruction Fuzzy Hash: A401F561E245199DEB1EBA78CD66F3CB941EBA8300F10193CE347D50D6DBB88D054541
          Uniqueness

          Uniqueness Score: -1.00%

          APIs
          Memory Dump Source
          • Source File: 00000000.00000002.1367467557.00000000001D0000.00000040.00000001.sdmp, Offset: 001D0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1d0000_Locky.jbxd
          Similarity
          • API ID: Sleep
          • String ID:
          • API String ID: 3472027048-0
          • Opcode ID: 70940219a3743aeb59f8a5823e4dacd3235db1b1313238fc0ab602d916aed208
          • Instruction ID: 7a8be4cbc3234440907ae2da985f5520a127661e7cc22c83af42327896cabb60
          • Opcode Fuzzy Hash: 70940219a3743aeb59f8a5823e4dacd3235db1b1313238fc0ab602d916aed208
          • Instruction Fuzzy Hash: BE014531E24501ADEB1E7A78CD22B3CB941EBB8301F10193EE953C52D6DB3889008101
          Uniqueness

          Uniqueness Score: -1.00%

          APIs
          Memory Dump Source
          • Source File: 00000000.00000002.1368551562.0000000000A70000.00000040.00000001.sdmp, Offset: 00A70000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_a70000_Locky.jbxd
          Similarity
          • API ID: Sleep
          • String ID:
          • API String ID: 3472027048-0
          • Opcode ID: 70940219a3743aeb59f8a5823e4dacd3235db1b1313238fc0ab602d916aed208
          • Instruction ID: 0b9b8dacfc92c319eca4d596a915d3e7f728aab782a00b463268009d7f3b466a
          • Opcode Fuzzy Hash: 70940219a3743aeb59f8a5823e4dacd3235db1b1313238fc0ab602d916aed208
          • Instruction Fuzzy Hash: 02014131F28A019DEB1E7B78CE22F3C7954EB84300F10D93CA24FDA0DAD83889000205
          Uniqueness

          Uniqueness Score: -1.00%

          APIs
          Memory Dump Source
          • Source File: 00000000.00000002.1368575368.0000000000A90000.00000040.00000001.sdmp, Offset: 00A90000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_a90000_Locky.jbxd
          Similarity
          • API ID: Sleep
          • String ID:
          • API String ID: 3472027048-0
          • Opcode ID: 70940219a3743aeb59f8a5823e4dacd3235db1b1313238fc0ab602d916aed208
          • Instruction ID: 12514cdad401f3d67bb8410a3fa4a429a8239ebdce283b397e9719f554f1f49f
          • Opcode Fuzzy Hash: 70940219a3743aeb59f8a5823e4dacd3235db1b1313238fc0ab602d916aed208
          • Instruction Fuzzy Hash: 3401DE31B28A117DEE5E7B78CE66F3D79D1EBD4340F10193CA647DA09AD92889044641
          Uniqueness

          Uniqueness Score: -1.00%

          APIs
          Memory Dump Source
          • Source File: 00000000.00000002.1367975725.00000000008B0000.00000040.00000001.sdmp, Offset: 008B0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_8b0000_Locky.jbxd
          Similarity
          • API ID: Sleep
          • String ID:
          • API String ID: 3472027048-0
          • Opcode ID: 70940219a3743aeb59f8a5823e4dacd3235db1b1313238fc0ab602d916aed208
          • Instruction ID: 15e38dba9cd7572f00b958c82f8fd69d122f0c82559a58d54e42eac09dc0ea30
          • Opcode Fuzzy Hash: 70940219a3743aeb59f8a5823e4dacd3235db1b1313238fc0ab602d916aed208
          • Instruction Fuzzy Hash: 8F016821E286115DEB0E7F7CCD22BBD7940FBC8300F10193CA143C5BE6D9288D05454A
          Uniqueness

          Uniqueness Score: -1.00%

          APIs
          Memory Dump Source
          • Source File: 00000000.00000002.1368563716.0000000000A80000.00000040.00000001.sdmp, Offset: 00A80000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_a80000_Locky.jbxd
          Similarity
          • API ID: Sleep
          • String ID:
          • API String ID: 3472027048-0
          • Opcode ID: 70940219a3743aeb59f8a5823e4dacd3235db1b1313238fc0ab602d916aed208
          • Instruction ID: e949b038c1db545f4abefaca7672f4432b865fd330b0fa29e8006cf69d586f99
          • Opcode Fuzzy Hash: 70940219a3743aeb59f8a5823e4dacd3235db1b1313238fc0ab602d916aed208
          • Instruction Fuzzy Hash: D0012472E28A115DEB9E7F78CE66F3D7951EBD4300F10193CA247D60DAD93889084751
          Uniqueness

          Uniqueness Score: -1.00%

          APIs
          Memory Dump Source
          • Source File: 00000000.00000002.1368588718.0000000000AA0000.00000040.00000001.sdmp, Offset: 00AA0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_aa0000_Locky.jbxd
          Similarity
          • API ID: Sleep
          • String ID:
          • API String ID: 3472027048-0
          • Opcode ID: 70940219a3743aeb59f8a5823e4dacd3235db1b1313238fc0ab602d916aed208
          • Instruction ID: 58c556d795ae1530cbb25e29403ab104a9fe588ab5327bf709e65fb783b86a21
          • Opcode Fuzzy Hash: 70940219a3743aeb59f8a5823e4dacd3235db1b1313238fc0ab602d916aed208
          • Instruction Fuzzy Hash: B301F131E28A115EEB5E7F7CCE66F3DB951EB9A300F10193CA247DB0DADB2889144741
          Uniqueness

          Uniqueness Score: -1.00%

          APIs
          Memory Dump Source
          • Source File: 00000000.00000002.1367482440.00000000001E0000.00000040.00000001.sdmp, Offset: 001E0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1e0000_Locky.jbxd
          Similarity
          • API ID: Sleep
          • String ID:
          • API String ID: 3472027048-0
          • Opcode ID: 70940219a3743aeb59f8a5823e4dacd3235db1b1313238fc0ab602d916aed208
          • Instruction ID: bfffaf8c03430d463282b08e84718deda70fd086450a5ae8b4bbc9282d0961e8
          • Opcode Fuzzy Hash: 70940219a3743aeb59f8a5823e4dacd3235db1b1313238fc0ab602d916aed208
          • Instruction Fuzzy Hash: DE01F521E24D919DEB1E7B7ACD76B3CB949EBA8300F20193CE147D60D6DB7889444541
          Uniqueness

          Uniqueness Score: -1.00%

          Memory Dump Source
          • Source File: 00000000.00000002.1368575368.0000000000A90000.00000040.00000001.sdmp, Offset: 00A90000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_a90000_Locky.jbxd
          Similarity
          • API ID: FreeGlobal
          • String ID:
          • API String ID: 2979337801-0
          • Opcode ID: 15894355eccd03ea0a8db6aa1e96861580267f3590d01176d46c7f59e491373a
          • Instruction ID: 3104b5735096eb505e45a7cd299355a22b65f6c8da5eb78478ce3481135506fc
          • Opcode Fuzzy Hash: 15894355eccd03ea0a8db6aa1e96861580267f3590d01176d46c7f59e491373a
          • Instruction Fuzzy Hash: 6C012662B14600AEEF4E7A7CDE62F3E3AD0DB903C0F11D93CE14399086D9348A054A09
          Uniqueness

          Uniqueness Score: -1.00%

          APIs
          Memory Dump Source
          • Source File: 00000000.00000002.1368575368.0000000000A90000.00000040.00000001.sdmp, Offset: 00A90000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_a90000_Locky.jbxd
          Similarity
          • API ID: FreeGlobal
          • String ID:
          • API String ID: 2979337801-0
          • Opcode ID: 709c980a2c7d3b8d55778b494cb6b017328db72dfacde7fd63e996d1624ece79
          • Instruction ID: fde2ba495e0ca2dc906f8447a603cfd2c71da47c247d57b695ee4e19ce918367
          • Opcode Fuzzy Hash: 709c980a2c7d3b8d55778b494cb6b017328db72dfacde7fd63e996d1624ece79
          • Instruction Fuzzy Hash: 0DF0C232B14614AEEF4D7A7CDE62F3E7AD4DBD4780F11993DE143DA086D9388A044A05
          Uniqueness

          Uniqueness Score: -1.00%

          APIs
          Memory Dump Source
          • Source File: 00000000.00000002.1368575368.0000000000A90000.00000040.00000001.sdmp, Offset: 00A90000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_a90000_Locky.jbxd
          Similarity
          • API ID: FreeGlobal
          • String ID:
          • API String ID: 2979337801-0
          • Opcode ID: 8d6f4ee056c3c98a9ae63113eec0c6c25b182e6691b755c79573347604eb4a33
          • Instruction ID: 5e8eeebdb5492b6b12c5f15d5960018d6b04bbc66fa61488541b7864d74e08f7
          • Opcode Fuzzy Hash: 8d6f4ee056c3c98a9ae63113eec0c6c25b182e6691b755c79573347604eb4a33
          • Instruction Fuzzy Hash: 9BC04CABF444157A9B05B7DEF4525DC63F0DAC07A57209467C112E6040ED6A86464F45
          Uniqueness

          Uniqueness Score: -1.00%

          Non-executed Functions

          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.1367451189.00000000001C0000.00000040.00000001.sdmp, Offset: 001C0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1c0000_Locky.jbxd
          Similarity
          • API ID:
          • String ID: ;
          • API String ID: 0-1661535913
          • Opcode ID: 74ffacd2ef03bbcaf76bf4871256502bfb38b8a5698f50e2a712a4d5d9e18f70
          • Instruction ID: 6c0086fead834bdd2570da0e0ff88d7df638bfe71df432fec23b89791aab7d0c
          • Opcode Fuzzy Hash: 74ffacd2ef03bbcaf76bf4871256502bfb38b8a5698f50e2a712a4d5d9e18f70
          • Instruction Fuzzy Hash: B8C14731E14215DFEB0EAB78CC96FBDBAA1EBB8300F25857CE547E6095DB74C9409A01
          Uniqueness

          Uniqueness Score: -1.00%

          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.1367495852.00000000001F0000.00000040.00000001.sdmp, Offset: 001F0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1f0000_Locky.jbxd
          Similarity
          • API ID:
          • String ID: ;
          • API String ID: 0-1661535913
          • Opcode ID: 74ffacd2ef03bbcaf76bf4871256502bfb38b8a5698f50e2a712a4d5d9e18f70
          • Instruction ID: e671ac45291c1fbbd76e314059490f6761b4eb6db8a4685ec815bfac76f58719
          • Opcode Fuzzy Hash: 74ffacd2ef03bbcaf76bf4871256502bfb38b8a5698f50e2a712a4d5d9e18f70
          • Instruction Fuzzy Hash: 13C16B31E1461D9FEB0EAB78CC56BBCBAA1EBA4300F25467CE707D7096DB7449409B01
          Uniqueness

          Uniqueness Score: -1.00%

          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.1367467557.00000000001D0000.00000040.00000001.sdmp, Offset: 001D0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1d0000_Locky.jbxd
          Similarity
          • API ID:
          • String ID: ;
          • API String ID: 0-1661535913
          • Opcode ID: 74ffacd2ef03bbcaf76bf4871256502bfb38b8a5698f50e2a712a4d5d9e18f70
          • Instruction ID: 1fea4838f3d0123e9b9995b5984c586db7136a87811b34319d8f377f32cce9ac
          • Opcode Fuzzy Hash: 74ffacd2ef03bbcaf76bf4871256502bfb38b8a5698f50e2a712a4d5d9e18f70
          • Instruction Fuzzy Hash: 61C19A31E142159FEB1EAB78CC91BBCBBA1EBB8300F21457EE517D7295DB3489409B00
          Uniqueness

          Uniqueness Score: -1.00%

          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.1368551562.0000000000A70000.00000040.00000001.sdmp, Offset: 00A70000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_a70000_Locky.jbxd
          Similarity
          • API ID:
          • String ID: ;
          • API String ID: 0-1661535913
          • Opcode ID: 74ffacd2ef03bbcaf76bf4871256502bfb38b8a5698f50e2a712a4d5d9e18f70
          • Instruction ID: 25227f537b6d83ce5884c4a4de7360b66798089bf80e4be7607aab5679763078
          • Opcode Fuzzy Hash: 74ffacd2ef03bbcaf76bf4871256502bfb38b8a5698f50e2a712a4d5d9e18f70
          • Instruction Fuzzy Hash: FDC15631E14215DEEB0EAB78CDA5BBDBAB1EB84300F24C57DE54FEA096DA7449418B01
          Uniqueness

          Uniqueness Score: -1.00%

          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.1368575368.0000000000A90000.00000040.00000001.sdmp, Offset: 00A90000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_a90000_Locky.jbxd
          Similarity
          • API ID:
          • String ID: ;
          • API String ID: 0-1661535913
          • Opcode ID: 74ffacd2ef03bbcaf76bf4871256502bfb38b8a5698f50e2a712a4d5d9e18f70
          • Instruction ID: 8ed6bce4091234eff2a7102f92f73b44b034f527b2bff495b502604bb5fcd455
          • Opcode Fuzzy Hash: 74ffacd2ef03bbcaf76bf4871256502bfb38b8a5698f50e2a712a4d5d9e18f70
          • Instruction Fuzzy Hash: 5EC15631F14215AEEF0EAB78CD96FBDBAF1EB94300F20857CE507EA096DA3449449B01
          Uniqueness

          Uniqueness Score: -1.00%

          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.1367975725.00000000008B0000.00000040.00000001.sdmp, Offset: 008B0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_8b0000_Locky.jbxd
          Similarity
          • API ID:
          • String ID: ;
          • API String ID: 0-1661535913
          • Opcode ID: 74ffacd2ef03bbcaf76bf4871256502bfb38b8a5698f50e2a712a4d5d9e18f70
          • Instruction ID: 2015019a223beee9c9fc8cf9bb23938b381d161fbdf8b0db78a1f54ad89e4c9b
          • Opcode Fuzzy Hash: 74ffacd2ef03bbcaf76bf4871256502bfb38b8a5698f50e2a712a4d5d9e18f70
          • Instruction Fuzzy Hash: 8AC18931E142198EEB0EAF7CCC65BFDBBA1FB94304F24857CE507EA296DA3449419B05
          Uniqueness

          Uniqueness Score: -1.00%

          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.1368563716.0000000000A80000.00000040.00000001.sdmp, Offset: 00A80000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_a80000_Locky.jbxd
          Similarity
          • API ID:
          • String ID: ;
          • API String ID: 0-1661535913
          • Opcode ID: 74ffacd2ef03bbcaf76bf4871256502bfb38b8a5698f50e2a712a4d5d9e18f70
          • Instruction ID: 5e8d982f66dd21990f16babdf1d69f1d2db492f9ae8815f33eb66d6da8f6cf25
          • Opcode Fuzzy Hash: 74ffacd2ef03bbcaf76bf4871256502bfb38b8a5698f50e2a712a4d5d9e18f70
          • Instruction Fuzzy Hash: 9BC17631E542158FEB4EBF78CD96FBDBAB1EB84300F20857CE547EA196DA3489449B01
          Uniqueness

          Uniqueness Score: -1.00%

          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.1368588718.0000000000AA0000.00000040.00000001.sdmp, Offset: 00AA0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_aa0000_Locky.jbxd
          Similarity
          • API ID:
          • String ID: ;
          • API String ID: 0-1661535913
          • Opcode ID: 74ffacd2ef03bbcaf76bf4871256502bfb38b8a5698f50e2a712a4d5d9e18f70
          • Instruction ID: a6dcf6bebfd07eaadd68bd911f4d1fb555c56f301b356e7dfd3f92ebdb66725f
          • Opcode Fuzzy Hash: 74ffacd2ef03bbcaf76bf4871256502bfb38b8a5698f50e2a712a4d5d9e18f70
          • Instruction Fuzzy Hash: A9C14331E142158FEB4EAB7CCD95BBDBAB1EB9A300F20857CE507A70D5DB348A549B01
          Uniqueness

          Uniqueness Score: -1.00%

          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.1367482440.00000000001E0000.00000040.00000001.sdmp, Offset: 001E0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1e0000_Locky.jbxd
          Similarity
          • API ID:
          • String ID: ;
          • API String ID: 0-1661535913
          • Opcode ID: 74ffacd2ef03bbcaf76bf4871256502bfb38b8a5698f50e2a712a4d5d9e18f70
          • Instruction ID: f04516e3ef42a8d5c3da1b8a9ed4024258a8424cdff9ba4e997ab66c05cae4be
          • Opcode Fuzzy Hash: 74ffacd2ef03bbcaf76bf4871256502bfb38b8a5698f50e2a712a4d5d9e18f70
          • Instruction Fuzzy Hash: E8C17B31E14A958FEB0EAB79CC75BBCBAA9EFA8300F25457CE507D7095DB7449808B01
          Uniqueness

          Uniqueness Score: -1.00%

          Memory Dump Source
          • Source File: 00000000.00000002.1367451189.00000000001C0000.00000040.00000001.sdmp, Offset: 001C0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1c0000_Locky.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: a7cd8add1910d5b98ce0fc3741329ccef62c9046a25ca4e34c1b25357b64e1a7
          • Instruction ID: 74e4b0a5677c11f41148e84b762e4ad114092ffa635109e17512dcedd624fee5
          • Opcode Fuzzy Hash: a7cd8add1910d5b98ce0fc3741329ccef62c9046a25ca4e34c1b25357b64e1a7
          • Instruction Fuzzy Hash: D7216B32744741DDE30F5A748D66F393A49A7FCB40F26953CA2C3CA0D2DB24E9455E41
          Uniqueness

          Uniqueness Score: -1.00%

          Memory Dump Source
          • Source File: 00000000.00000002.1367495852.00000000001F0000.00000040.00000001.sdmp, Offset: 001F0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1f0000_Locky.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: a7cd8add1910d5b98ce0fc3741329ccef62c9046a25ca4e34c1b25357b64e1a7
          • Instruction ID: 173a4bbb1b02c19873375edfecf7c515c7e0902c1fe8783308327bb8f24e9014
          • Opcode Fuzzy Hash: a7cd8add1910d5b98ce0fc3741329ccef62c9046a25ca4e34c1b25357b64e1a7
          • Instruction Fuzzy Hash: 0621793274450D9DE30F76348D66F397A46A7ECB00F2687BCA3C3C60D7EB20A9454A41
          Uniqueness

          Uniqueness Score: -1.00%

          Memory Dump Source
          • Source File: 00000000.00000002.1367467557.00000000001D0000.00000040.00000001.sdmp, Offset: 001D0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1d0000_Locky.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: a7cd8add1910d5b98ce0fc3741329ccef62c9046a25ca4e34c1b25357b64e1a7
          • Instruction ID: b0b0f6594bc847a318b0679c3269050ae1c321acc6c8d068ac116fc41d9ea944
          • Opcode Fuzzy Hash: a7cd8add1910d5b98ce0fc3741329ccef62c9046a25ca4e34c1b25357b64e1a7
          • Instruction Fuzzy Hash: B9214932B54505ADE30F56348DA6F393A46E7EC740F26853FA2C3CE3D2DB24A9455A41
          Uniqueness

          Uniqueness Score: -1.00%

          Memory Dump Source
          • Source File: 00000000.00000002.1368551562.0000000000A70000.00000040.00000001.sdmp, Offset: 00A70000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_a70000_Locky.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: a7cd8add1910d5b98ce0fc3741329ccef62c9046a25ca4e34c1b25357b64e1a7
          • Instruction ID: 95808371f9a0024281c1399142ee0ed858f95000d0df33325eda47220629740e
          • Opcode Fuzzy Hash: a7cd8add1910d5b98ce0fc3741329ccef62c9046a25ca4e34c1b25357b64e1a7
          • Instruction Fuzzy Hash: 3B219032744D01DDE30D5738CE66F3A7A69E7D0740F24C53CA14BCA0D3D974A9455A41
          Uniqueness

          Uniqueness Score: -1.00%

          Memory Dump Source
          • Source File: 00000000.00000002.1368598650.0000000000AB0000.00000040.00000001.sdmp, Offset: 00AB0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_ab0000_Locky.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: a7cd8add1910d5b98ce0fc3741329ccef62c9046a25ca4e34c1b25357b64e1a7
          • Instruction ID: c71be88329dd4e8795da49d67ace62fb8146a115e391b98c389e2321f55a4e0a
          • Opcode Fuzzy Hash: a7cd8add1910d5b98ce0fc3741329ccef62c9046a25ca4e34c1b25357b64e1a7
          • Instruction Fuzzy Hash: 11216B32744A01AEE30D6734CE66FFBBA6DE7D1740F24853CA143C60D3ED24A9C55A41
          Uniqueness

          Uniqueness Score: -1.00%

          Memory Dump Source
          • Source File: 00000000.00000002.1368575368.0000000000A90000.00000040.00000001.sdmp, Offset: 00A90000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_a90000_Locky.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: a7cd8add1910d5b98ce0fc3741329ccef62c9046a25ca4e34c1b25357b64e1a7
          • Instruction ID: c101008360a70bba953dfccc8f45265c4d30770c9e12f4e056dc55a4a1ab0098
          • Opcode Fuzzy Hash: a7cd8add1910d5b98ce0fc3741329ccef62c9046a25ca4e34c1b25357b64e1a7
          • Instruction Fuzzy Hash: 63219032744D05ADEF0D57B8CE66F393AE6EBD0BD0F24853CA243CA0D3E934A9455A41
          Uniqueness

          Uniqueness Score: -1.00%

          Memory Dump Source
          • Source File: 00000000.00000002.1367975725.00000000008B0000.00000040.00000001.sdmp, Offset: 008B0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_8b0000_Locky.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: a7cd8add1910d5b98ce0fc3741329ccef62c9046a25ca4e34c1b25357b64e1a7
          • Instruction ID: b21d3d18100cb66e8cd38ea6213b1d7b05b4cf9ec0159af0bdd432191d3ec6e3
          • Opcode Fuzzy Hash: a7cd8add1910d5b98ce0fc3741329ccef62c9046a25ca4e34c1b25357b64e1a7
          • Instruction Fuzzy Hash: C4218B32B44209ADE30D66388D66FFBAA45F7D0704F24853CA143CA3D3ED26A9455E4A
          Uniqueness

          Uniqueness Score: -1.00%

          Memory Dump Source
          • Source File: 00000000.00000002.1368563716.0000000000A80000.00000040.00000001.sdmp, Offset: 00A80000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_a80000_Locky.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: a7cd8add1910d5b98ce0fc3741329ccef62c9046a25ca4e34c1b25357b64e1a7
          • Instruction ID: 84d4d48ce1dfd621a3a4939e84739aca68db45ce0869b9393f87c9036eaec49e
          • Opcode Fuzzy Hash: a7cd8add1910d5b98ce0fc3741329ccef62c9046a25ca4e34c1b25357b64e1a7
          • Instruction Fuzzy Hash: 11216832B44D01AEF3CD7B34CE66F3A2A66A7D0B00F25853CA243CA0D6E924A94D5B41
          Uniqueness

          Uniqueness Score: -1.00%

          Memory Dump Source
          • Source File: 00000000.00000002.1368588718.0000000000AA0000.00000040.00000001.sdmp, Offset: 00AA0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_aa0000_Locky.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: a7cd8add1910d5b98ce0fc3741329ccef62c9046a25ca4e34c1b25357b64e1a7
          • Instruction ID: a262f05916bea1ebafb63e0ae870d857fd6895c0e0a10659b97fd77f6881b414
          • Opcode Fuzzy Hash: a7cd8add1910d5b98ce0fc3741329ccef62c9046a25ca4e34c1b25357b64e1a7
          • Instruction Fuzzy Hash: FC217D32B449019EE30E5B34CE66F3A7A55E7D3740F24853CA143CB0D3DB34A9455A41
          Uniqueness

          Uniqueness Score: -1.00%

          Memory Dump Source
          • Source File: 00000000.00000002.1367482440.00000000001E0000.00000040.00000001.sdmp, Offset: 001E0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1e0000_Locky.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: a7cd8add1910d5b98ce0fc3741329ccef62c9046a25ca4e34c1b25357b64e1a7
          • Instruction ID: f1c9f654c4059cf38281dc1ff222d5fc06ba15fd9295a2370cb02aefd53d1a0d
          • Opcode Fuzzy Hash: a7cd8add1910d5b98ce0fc3741329ccef62c9046a25ca4e34c1b25357b64e1a7
          • Instruction Fuzzy Hash: FC214822E44DC19DE30F56768DA6F3D7A46E7ACB40F26843CE1C3C6092DBF4A9C54A41
          Uniqueness

          Uniqueness Score: -1.00%

          Memory Dump Source
          • Source File: 00000000.00000002.1367451189.00000000001C0000.00000040.00000001.sdmp, Offset: 001C0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1c0000_Locky.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 7f4fac0ee71ee3a88b95732bed2c4331138a9e972e4e424f29959c34f233401e
          • Instruction ID: e354aa09bbad0831efd843dbd4f341fc08c36676bf2e380d64408b713d65d5fe
          • Opcode Fuzzy Hash: 7f4fac0ee71ee3a88b95732bed2c4331138a9e972e4e424f29959c34f233401e
          • Instruction Fuzzy Hash: 5E213832B04700DEE70FAA788D56F397645A7FC700F26853CA283C6496DB34E9045E41
          Uniqueness

          Uniqueness Score: -1.00%

          Memory Dump Source
          • Source File: 00000000.00000002.1367495852.00000000001F0000.00000040.00000001.sdmp, Offset: 001F0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1f0000_Locky.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 7f4fac0ee71ee3a88b95732bed2c4331138a9e972e4e424f29959c34f233401e
          • Instruction ID: 08d95a6018016bde344bdc3687b2599654c9933f598414f24ea74a54f57d1f66
          • Opcode Fuzzy Hash: 7f4fac0ee71ee3a88b95732bed2c4331138a9e972e4e424f29959c34f233401e
          • Instruction Fuzzy Hash: BF21F632B0450D9EE70FBA788D66F397655A7EC700F2686BCA383C6097DB34A9445A41
          Uniqueness

          Uniqueness Score: -1.00%

          Memory Dump Source
          • Source File: 00000000.00000002.1367467557.00000000001D0000.00000040.00000001.sdmp, Offset: 001D0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1d0000_Locky.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 7f4fac0ee71ee3a88b95732bed2c4331138a9e972e4e424f29959c34f233401e
          • Instruction ID: 7ea266fe8fc6faf63f12f355d26200b2cfc057513a64d98e3020538c5b8d7700
          • Opcode Fuzzy Hash: 7f4fac0ee71ee3a88b95732bed2c4331138a9e972e4e424f29959c34f233401e
          • Instruction Fuzzy Hash: 42210832B145019EE70FAA78CD56F397A55A7EC700F26843FA283CE296DB34E9445A41
          Uniqueness

          Uniqueness Score: -1.00%

          Memory Dump Source
          • Source File: 00000000.00000002.1368551562.0000000000A70000.00000040.00000001.sdmp, Offset: 00A70000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_a70000_Locky.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 7f4fac0ee71ee3a88b95732bed2c4331138a9e972e4e424f29959c34f233401e
          • Instruction ID: 02301a3511874d112dded203e335b42d3aa716e802465d333d202d9b38935aca
          • Opcode Fuzzy Hash: 7f4fac0ee71ee3a88b95732bed2c4331138a9e972e4e424f29959c34f233401e
          • Instruction Fuzzy Hash: 6D215932B14901DEE70DAB38CEA6F3A7A69EBD0700F34C43CA14BCA0D6E974E9045E41
          Uniqueness

          Uniqueness Score: -1.00%

          Memory Dump Source
          • Source File: 00000000.00000002.1368598650.0000000000AB0000.00000040.00000001.sdmp, Offset: 00AB0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_ab0000_Locky.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 7f4fac0ee71ee3a88b95732bed2c4331138a9e972e4e424f29959c34f233401e
          • Instruction ID: 0054f9a858f005c8ca8ddcd3426a937ca7c042a517fe35ec0da6ee31d1bbf27e
          • Opcode Fuzzy Hash: 7f4fac0ee71ee3a88b95732bed2c4331138a9e972e4e424f29959c34f233401e
          • Instruction Fuzzy Hash: 66210532B149019EE70DAB388EA6FBBFA6DA7D0700F24853DA143C6097ED34A9845A41
          Uniqueness

          Uniqueness Score: -1.00%

          Memory Dump Source
          • Source File: 00000000.00000002.1368575368.0000000000A90000.00000040.00000001.sdmp, Offset: 00A90000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_a90000_Locky.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 7f4fac0ee71ee3a88b95732bed2c4331138a9e972e4e424f29959c34f233401e
          • Instruction ID: 2b297a7020a7edd2350e55baeccfc7411059110ca8a76b26cb8276837b7c236d
          • Opcode Fuzzy Hash: 7f4fac0ee71ee3a88b95732bed2c4331138a9e972e4e424f29959c34f233401e
          • Instruction Fuzzy Hash: 9E213D32B049019EEF0D6BB8CE96F397AE6ABD07D0F34C43CA143C6096D934A9445E41
          Uniqueness

          Uniqueness Score: -1.00%

          Memory Dump Source
          • Source File: 00000000.00000002.1367975725.00000000008B0000.00000040.00000001.sdmp, Offset: 008B0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_8b0000_Locky.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 7f4fac0ee71ee3a88b95732bed2c4331138a9e972e4e424f29959c34f233401e
          • Instruction ID: 38201864ad1ab6a1edbaff93e2685343de31a24e0a7fa947dea3151d7f9e29be
          • Opcode Fuzzy Hash: 7f4fac0ee71ee3a88b95732bed2c4331138a9e972e4e424f29959c34f233401e
          • Instruction Fuzzy Hash: 84213832B045099EE30DAA388D66FBBFA55F7D0704F34C53CA143C6396DD35A8045E46
          Uniqueness

          Uniqueness Score: -1.00%

          Memory Dump Source
          • Source File: 00000000.00000002.1368563716.0000000000A80000.00000040.00000001.sdmp, Offset: 00A80000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_a80000_Locky.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 7f4fac0ee71ee3a88b95732bed2c4331138a9e972e4e424f29959c34f233401e
          • Instruction ID: f1b8e9116f17c12559d69154c3bf19ae492f0427fdf933942656a458daf06443
          • Opcode Fuzzy Hash: 7f4fac0ee71ee3a88b95732bed2c4331138a9e972e4e424f29959c34f233401e
          • Instruction Fuzzy Hash: 0A212432B049019EE7CDBB38CEA6F3A7A65ABD0700F34843CA243C6096E934A90C5B41
          Uniqueness

          Uniqueness Score: -1.00%

          Memory Dump Source
          • Source File: 00000000.00000002.1368588718.0000000000AA0000.00000040.00000001.sdmp, Offset: 00AA0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_aa0000_Locky.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 7f4fac0ee71ee3a88b95732bed2c4331138a9e972e4e424f29959c34f233401e
          • Instruction ID: d1b8611de1158d1f3245154de369f54a97c1db18f144252fb4392ee6cd64964d
          • Opcode Fuzzy Hash: 7f4fac0ee71ee3a88b95732bed2c4331138a9e972e4e424f29959c34f233401e
          • Instruction Fuzzy Hash: 42213632B149019EE74EAB38CEA6F3A7A65ABD3700F34C43DA143C70D6EB34A9445E41
          Uniqueness

          Uniqueness Score: -1.00%

          Memory Dump Source
          • Source File: 00000000.00000002.1367482440.00000000001E0000.00000040.00000001.sdmp, Offset: 001E0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1e0000_Locky.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 7f4fac0ee71ee3a88b95732bed2c4331138a9e972e4e424f29959c34f233401e
          • Instruction ID: 96c9b687253ac4c479e0463a166aa6b00c0a439d993f0c5033ab8d8cf8dcc29a
          • Opcode Fuzzy Hash: 7f4fac0ee71ee3a88b95732bed2c4331138a9e972e4e424f29959c34f233401e
          • Instruction Fuzzy Hash: 1821F932F14D819DE30F9A7A8D96F3D7A55A7AC700F36843CE1C3C6095DBB4A9C45A41
          Uniqueness

          Uniqueness Score: -1.00%

          Memory Dump Source
          • Source File: 00000000.00000002.1367451189.00000000001C0000.00000040.00000001.sdmp, Offset: 001C0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1c0000_Locky.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 3532a5b9e889e1018fda24c33b75067d7e3bd4376ad68f0c0787b683f3d5af84
          • Instruction ID: 8d2a1f130e2fbb9cc20abcb4784415031ec8d93b2280fd3b35956f9bad618614
          • Opcode Fuzzy Hash: 3532a5b9e889e1018fda24c33b75067d7e3bd4376ad68f0c0787b683f3d5af84
          • Instruction Fuzzy Hash: E6012622E14644DDFB0F2BB88E32F7C3A45EBBE300F16A57DA04385097C738CA049185
          Uniqueness

          Uniqueness Score: -1.00%

          Memory Dump Source
          • Source File: 00000000.00000002.1367495852.00000000001F0000.00000040.00000001.sdmp, Offset: 001F0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1f0000_Locky.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 3532a5b9e889e1018fda24c33b75067d7e3bd4376ad68f0c0787b683f3d5af84
          • Instruction ID: 91e9772006f91da70dc95c542ed8d88bd3782a20c6523c72b18713b56b31a907
          • Opcode Fuzzy Hash: 3532a5b9e889e1018fda24c33b75067d7e3bd4376ad68f0c0787b683f3d5af84
          • Instruction Fuzzy Hash: 13012662E1424CDDE71F6B74CE32B3C3A85EB9E390F1564BDA24386097CB388A048185
          Uniqueness

          Uniqueness Score: -1.00%

          Memory Dump Source
          • Source File: 00000000.00000002.1367467557.00000000001D0000.00000040.00000001.sdmp, Offset: 001D0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1d0000_Locky.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 3532a5b9e889e1018fda24c33b75067d7e3bd4376ad68f0c0787b683f3d5af84
          • Instruction ID: 9bd7cb99475969e8755d81fd2ec4334f35725de13f1951ceced4098708bfa3c3
          • Opcode Fuzzy Hash: 3532a5b9e889e1018fda24c33b75067d7e3bd4376ad68f0c0787b683f3d5af84
          • Instruction Fuzzy Hash: BF012622E14644DDEB0F2B748E26B3C3A45EB9E300F15647FA04389297C7388A04A185
          Uniqueness

          Uniqueness Score: -1.00%

          Memory Dump Source
          • Source File: 00000000.00000002.1368551562.0000000000A70000.00000040.00000001.sdmp, Offset: 00A70000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_a70000_Locky.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 3532a5b9e889e1018fda24c33b75067d7e3bd4376ad68f0c0787b683f3d5af84
          • Instruction ID: 1ea474e32a03f14a3b486ae8a7f46414ed63f13bfa96bc3437b1dd2f91637765
          • Opcode Fuzzy Hash: 3532a5b9e889e1018fda24c33b75067d7e3bd4376ad68f0c0787b683f3d5af84
          • Instruction Fuzzy Hash: 6701D632A14644DDEB5E6B748F32F7D3E55EB92300F18E47DA04FC9097D57885059187
          Uniqueness

          Uniqueness Score: -1.00%

          Memory Dump Source
          • Source File: 00000000.00000002.1368575368.0000000000A90000.00000040.00000001.sdmp, Offset: 00A90000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_a90000_Locky.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 3532a5b9e889e1018fda24c33b75067d7e3bd4376ad68f0c0787b683f3d5af84
          • Instruction ID: 8711a032cf943a8fd70602fea1eb9f19d25526d6c47a0afb431679f3b907062c
          • Opcode Fuzzy Hash: 3532a5b9e889e1018fda24c33b75067d7e3bd4376ad68f0c0787b683f3d5af84
          • Instruction Fuzzy Hash: 70010432B14644EDEF4E2B788E22F3D3AD5EF923C0F14A4BDA043C9093D53885059185
          Uniqueness

          Uniqueness Score: -1.00%

          Memory Dump Source
          • Source File: 00000000.00000002.1368563716.0000000000A80000.00000040.00000001.sdmp, Offset: 00A80000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_a80000_Locky.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 3532a5b9e889e1018fda24c33b75067d7e3bd4376ad68f0c0787b683f3d5af84
          • Instruction ID: 8be541ee909f46a559cf832efd55e6bf47cd455e091cd9820bfa8a1752640c93
          • Opcode Fuzzy Hash: 3532a5b9e889e1018fda24c33b75067d7e3bd4376ad68f0c0787b683f3d5af84
          • Instruction Fuzzy Hash: 62010073A146449EEBCE3B788E22F393A65FF92300F14647DA043C9093C9388A8C9785
          Uniqueness

          Uniqueness Score: -1.00%

          Memory Dump Source
          • Source File: 00000000.00000002.1368588718.0000000000AA0000.00000040.00000001.sdmp, Offset: 00AA0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_aa0000_Locky.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 3532a5b9e889e1018fda24c33b75067d7e3bd4376ad68f0c0787b683f3d5af84
          • Instruction ID: af9c01820177c8e87e860180c3a9ace864ae2147ef82d0cff3dbb3183dd394eb
          • Opcode Fuzzy Hash: 3532a5b9e889e1018fda24c33b75067d7e3bd4376ad68f0c0787b683f3d5af84
          • Instruction Fuzzy Hash: FF010432A146449DEB4E2B74CE22F397A55EB9B700F14647DA043C70D7C73C85088189
          Uniqueness

          Uniqueness Score: -1.00%

          Memory Dump Source
          • Source File: 00000000.00000002.1367482440.00000000001E0000.00000040.00000001.sdmp, Offset: 001E0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1e0000_Locky.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 3532a5b9e889e1018fda24c33b75067d7e3bd4376ad68f0c0787b683f3d5af84
          • Instruction ID: 21c715a648b2ca89c7a1ae1c3edf5c28464eeae902765dcb43386a414d866702
          • Opcode Fuzzy Hash: 3532a5b9e889e1018fda24c33b75067d7e3bd4376ad68f0c0787b683f3d5af84
          • Instruction Fuzzy Hash: FA010822E14EC49DE70F2B768E32F3C7A45EB5E300F15647DE08385097C7B886858295
          Uniqueness

          Uniqueness Score: -1.00%

          Memory Dump Source
          • Source File: 00000000.00000002.1367451189.00000000001C0000.00000040.00000001.sdmp, Offset: 001C0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1c0000_Locky.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 99e009d067f671e32f9044b1b70820800b5c3bd0c1b4a0568846daaac642bda8
          • Instruction ID: a41d01bea4edbbb74a304cc771b31a397fada3295db9921b460193417f2145a7
          • Opcode Fuzzy Hash: 99e009d067f671e32f9044b1b70820800b5c3bd0c1b4a0568846daaac642bda8
          • Instruction Fuzzy Hash: 0101F57271A561CED70F8FB8C962F706752A7FD700F3B816E8102CA081D734C5309612
          Uniqueness

          Uniqueness Score: -1.00%

          Memory Dump Source
          • Source File: 00000000.00000002.1367495852.00000000001F0000.00000040.00000001.sdmp, Offset: 001F0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1f0000_Locky.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 99e009d067f671e32f9044b1b70820800b5c3bd0c1b4a0568846daaac642bda8
          • Instruction ID: d1d4eac7d1f55a7aa039c2c09071b0c0303092d323852e0e77c3b84158773c3e
          • Opcode Fuzzy Hash: 99e009d067f671e32f9044b1b70820800b5c3bd0c1b4a0568846daaac642bda8
          • Instruction Fuzzy Hash: 1401F57271A549CEDB1F8B74CD617702792A7DD730F3B806A8303CA087D73445309212
          Uniqueness

          Uniqueness Score: -1.00%

          Memory Dump Source
          • Source File: 00000000.00000002.1367467557.00000000001D0000.00000040.00000001.sdmp, Offset: 001D0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1d0000_Locky.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 99e009d067f671e32f9044b1b70820800b5c3bd0c1b4a0568846daaac642bda8
          • Instruction ID: 79781e7319b4e74304396c5a8049e1333547fe7c554689a972959d2120bbe4d5
          • Opcode Fuzzy Hash: 99e009d067f671e32f9044b1b70820800b5c3bd0c1b4a0568846daaac642bda8
          • Instruction Fuzzy Hash: F301F17272A541CED70F8BB4D961B712B92A7DD700F3B816B8102CA785E738C530A252
          Uniqueness

          Uniqueness Score: -1.00%

          Memory Dump Source
          • Source File: 00000000.00000002.1368551562.0000000000A70000.00000040.00000001.sdmp, Offset: 00A70000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_a70000_Locky.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 99e009d067f671e32f9044b1b70820800b5c3bd0c1b4a0568846daaac642bda8
          • Instruction ID: f93ee788e4a5c0e4514210ec7c5cd3bffe1b753b97e175030e86426f025aad08
          • Opcode Fuzzy Hash: 99e009d067f671e32f9044b1b70820800b5c3bd0c1b4a0568846daaac642bda8
          • Instruction Fuzzy Hash: F401247272A541CFD70A9BB4CD71F317BB2A7D1701F39C06A810ECA085D5F88530A612
          Uniqueness

          Uniqueness Score: -1.00%

          Memory Dump Source
          • Source File: 00000000.00000002.1368598650.0000000000AB0000.00000040.00000001.sdmp, Offset: 00AB0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_ab0000_Locky.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 99e009d067f671e32f9044b1b70820800b5c3bd0c1b4a0568846daaac642bda8
          • Instruction ID: 42aac65143de77de745e8d8f56de06b592bea4451d492c29f4899d02ee409964
          • Opcode Fuzzy Hash: 99e009d067f671e32f9044b1b70820800b5c3bd0c1b4a0568846daaac642bda8
          • Instruction Fuzzy Hash: 8D01F57271A541CED70A8774C971FF32B7EA7D5700F39C06A8002CA083D5F88430A212
          Uniqueness

          Uniqueness Score: -1.00%

          Memory Dump Source
          • Source File: 00000000.00000002.1368575368.0000000000A90000.00000040.00000001.sdmp, Offset: 00A90000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_a90000_Locky.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 99e009d067f671e32f9044b1b70820800b5c3bd0c1b4a0568846daaac642bda8
          • Instruction ID: 4b88fa9e088185c4da22528979969a140dc441363ea8bc86c5e0b452b2088a1a
          • Opcode Fuzzy Hash: 99e009d067f671e32f9044b1b70820800b5c3bd0c1b4a0568846daaac642bda8
          • Instruction Fuzzy Hash: 4F01F57271A541CEDF0A8B78C961F313AF2A7D17C0F39806A8302CE081D7F84430A212
          Uniqueness

          Uniqueness Score: -1.00%

          Memory Dump Source
          • Source File: 00000000.00000002.1367975725.00000000008B0000.00000040.00000001.sdmp, Offset: 008B0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_8b0000_Locky.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 99e009d067f671e32f9044b1b70820800b5c3bd0c1b4a0568846daaac642bda8
          • Instruction ID: 70bed00eaebe037cada806f6e5d047644b5ec52302d1bc70e39e652634d2b18d
          • Opcode Fuzzy Hash: 99e009d067f671e32f9044b1b70820800b5c3bd0c1b4a0568846daaac642bda8
          • Instruction Fuzzy Hash: 4201F57271A749CED70A87B8C9617F32B52F7F7709F38C06A8002CA381D4348430AE12
          Uniqueness

          Uniqueness Score: -1.00%

          Memory Dump Source
          • Source File: 00000000.00000002.1368563716.0000000000A80000.00000040.00000001.sdmp, Offset: 00A80000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_a80000_Locky.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 99e009d067f671e32f9044b1b70820800b5c3bd0c1b4a0568846daaac642bda8
          • Instruction ID: f99f25598e1d35437a802576e6181a9cc6a22f2b6a1db153529682451fd664af
          • Opcode Fuzzy Hash: 99e009d067f671e32f9044b1b70820800b5c3bd0c1b4a0568846daaac642bda8
          • Instruction Fuzzy Hash: C901247272A541CFD7CABBB4C961F313AB2ABD1700F39C17A8042CA081F5F88438A312
          Uniqueness

          Uniqueness Score: -1.00%

          Memory Dump Source
          • Source File: 00000000.00000002.1368588718.0000000000AA0000.00000040.00000001.sdmp, Offset: 00AA0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_aa0000_Locky.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 99e009d067f671e32f9044b1b70820800b5c3bd0c1b4a0568846daaac642bda8
          • Instruction ID: 4f47ad366f1c48a07fe61bede83352edd3da5d34a197502beff1adb8f16a107f
          • Opcode Fuzzy Hash: 99e009d067f671e32f9044b1b70820800b5c3bd0c1b4a0568846daaac642bda8
          • Instruction Fuzzy Hash: 3501F172B2A541CFD70A8BB4C961F716BB2A7D370CF39806A8002CB0C1D7F98430A212
          Uniqueness

          Uniqueness Score: -1.00%

          Memory Dump Source
          • Source File: 00000000.00000002.1367482440.00000000001E0000.00000040.00000001.sdmp, Offset: 001E0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1e0000_Locky.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 99e009d067f671e32f9044b1b70820800b5c3bd0c1b4a0568846daaac642bda8
          • Instruction ID: 1c4ea3d4756e2c7e181144c26f7df64d43c9d6ebd8b8a4846e98ba488b011a7d
          • Opcode Fuzzy Hash: 99e009d067f671e32f9044b1b70820800b5c3bd0c1b4a0568846daaac642bda8
          • Instruction Fuzzy Hash: 2401D27271ADC1CFD70F87A7896177867A2A7DD704F3A846AC002CA081D7A845F09212
          Uniqueness

          Uniqueness Score: -1.00%

          Memory Dump Source
          • Source File: 00000000.00000002.1367451189.00000000001C0000.00000040.00000001.sdmp, Offset: 001C0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1c0000_Locky.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: e93e465038acf3c6ed2a827d64366fbcda89879045cb9da6fa8331c80d0a5316
          • Instruction ID: 8a1c1bd0e38b6b17c354765eccc094e72766e0f08b923b9dca1eb223a2baeed6
          • Opcode Fuzzy Hash: e93e465038acf3c6ed2a827d64366fbcda89879045cb9da6fa8331c80d0a5316
          • Instruction Fuzzy Hash: D201D132F14504DEEB4F7AB8CE62F797A81EBB8700F15993CB043C6096CB38CA049295
          Uniqueness

          Uniqueness Score: -1.00%

          Memory Dump Source
          • Source File: 00000000.00000002.1367495852.00000000001F0000.00000040.00000001.sdmp, Offset: 001F0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1f0000_Locky.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: e93e465038acf3c6ed2a827d64366fbcda89879045cb9da6fa8331c80d0a5316
          • Instruction ID: b3fadc056b5b04780e06630877bea422ae47e34b317846fb8dc4ea7924b06b5b
          • Opcode Fuzzy Hash: e93e465038acf3c6ed2a827d64366fbcda89879045cb9da6fa8331c80d0a5316
          • Instruction Fuzzy Hash: 0D01D132F14508DEEB4FBA78CE62F797A81EB98780F15553CA243C6097CB388A049285
          Uniqueness

          Uniqueness Score: -1.00%

          Memory Dump Source
          • Source File: 00000000.00000002.1367467557.00000000001D0000.00000040.00000001.sdmp, Offset: 001D0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1d0000_Locky.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: e93e465038acf3c6ed2a827d64366fbcda89879045cb9da6fa8331c80d0a5316
          • Instruction ID: 015b4a3192705ef67d9618817160e48dca46eb380696497dbd24195d35b3c5a4
          • Opcode Fuzzy Hash: e93e465038acf3c6ed2a827d64366fbcda89879045cb9da6fa8331c80d0a5316
          • Instruction Fuzzy Hash: D101D631F24504DDEB4F7B78CD66B797981EB9C700F15553EA043C6196C738C604A185
          Uniqueness

          Uniqueness Score: -1.00%

          Memory Dump Source
          • Source File: 00000000.00000002.1368551562.0000000000A70000.00000040.00000001.sdmp, Offset: 00A70000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_a70000_Locky.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: e93e465038acf3c6ed2a827d64366fbcda89879045cb9da6fa8331c80d0a5316
          • Instruction ID: 3ddff3e4225f748febad732057f4c0467a2650441a543ea3bc211972b3b778e0
          • Opcode Fuzzy Hash: e93e465038acf3c6ed2a827d64366fbcda89879045cb9da6fa8331c80d0a5316
          • Instruction Fuzzy Hash: 3C01F931B14504DDEB4E7B78CE62F797991EB94700F14D53CB04BC60D6C578C5049186
          Uniqueness

          Uniqueness Score: -1.00%

          Memory Dump Source
          • Source File: 00000000.00000002.1368575368.0000000000A90000.00000040.00000001.sdmp, Offset: 00A90000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_a90000_Locky.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: e93e465038acf3c6ed2a827d64366fbcda89879045cb9da6fa8331c80d0a5316
          • Instruction ID: 864a9824965f483ef9bb0ca1c75f32f454dd8b58c7b7a21ec02459924ddf7c2e
          • Opcode Fuzzy Hash: e93e465038acf3c6ed2a827d64366fbcda89879045cb9da6fa8331c80d0a5316
          • Instruction Fuzzy Hash: 3B01D132B24504DEEF8D7B7CCE62F7A79E1EF94780F14953CA043C6096DA3889049285
          Uniqueness

          Uniqueness Score: -1.00%

          Memory Dump Source
          • Source File: 00000000.00000002.1368563716.0000000000A80000.00000040.00000001.sdmp, Offset: 00A80000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_a80000_Locky.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: e93e465038acf3c6ed2a827d64366fbcda89879045cb9da6fa8331c80d0a5316
          • Instruction ID: ba26dacec4a3ce95b80e7dfb6c959a9dd68a1a081a5c2af47cc0abeb3062f3c7
          • Opcode Fuzzy Hash: e93e465038acf3c6ed2a827d64366fbcda89879045cb9da6fa8331c80d0a5316
          • Instruction Fuzzy Hash: DC01D132B14504DEEBCD7F78CE66F7A79A1EB94700F14553CA043C6096CA38894C9385
          Uniqueness

          Uniqueness Score: -1.00%

          Memory Dump Source
          • Source File: 00000000.00000002.1368588718.0000000000AA0000.00000040.00000001.sdmp, Offset: 00AA0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_aa0000_Locky.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: e93e465038acf3c6ed2a827d64366fbcda89879045cb9da6fa8331c80d0a5316
          • Instruction ID: c35ed406c470d549a6731e57f7e1fcbb8779e4c40e89db9d4c92e93e20ec76ee
          • Opcode Fuzzy Hash: e93e465038acf3c6ed2a827d64366fbcda89879045cb9da6fa8331c80d0a5316
          • Instruction Fuzzy Hash: 3C01D132B24504DEEB4D7F78CE62F7AB9A5EB9A700F14553CA043C70D6CB3C89089289
          Uniqueness

          Uniqueness Score: -1.00%

          Memory Dump Source
          • Source File: 00000000.00000002.1367482440.00000000001E0000.00000040.00000001.sdmp, Offset: 001E0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1e0000_Locky.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: e93e465038acf3c6ed2a827d64366fbcda89879045cb9da6fa8331c80d0a5316
          • Instruction ID: b4e2e2ebad7b3e2c2f763dc2bd90aa1b8e5685363c8ca406a847267ed907c1dd
          • Opcode Fuzzy Hash: e93e465038acf3c6ed2a827d64366fbcda89879045cb9da6fa8331c80d0a5316
          • Instruction Fuzzy Hash: 7801D631F14D84DDE74F7A79CD62F7D7981EB98700F15553CE043C6096C7B886849295
          Uniqueness

          Uniqueness Score: -1.00%

          Memory Dump Source
          • Source File: 00000000.00000002.1367451189.00000000001C0000.00000040.00000001.sdmp, Offset: 001C0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1c0000_Locky.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 800ca9901f4f7783229ea11608707816a2a8d68b152e2172758c9a004fac7bb0
          • Instruction ID: cf18c77e6578def4459e0ac18cb8b44dfb3387ddc841875282cd4d3ac02fbfa1
          • Opcode Fuzzy Hash: 800ca9901f4f7783229ea11608707816a2a8d68b152e2172758c9a004fac7bb0
          • Instruction Fuzzy Hash: D601D132A08701EAD70F97248996F357766A7B8740F36D02D82C3C6595EB30E9416E81
          Uniqueness

          Uniqueness Score: -1.00%

          Memory Dump Source
          • Source File: 00000000.00000002.1367495852.00000000001F0000.00000040.00000001.sdmp, Offset: 001F0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1f0000_Locky.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 800ca9901f4f7783229ea11608707816a2a8d68b152e2172758c9a004fac7bb0
          • Instruction ID: 6d9daa3929abbe1604d1fb1c6e08605e58492e00f07d4433d30282e5c4a6c8eb
          • Opcode Fuzzy Hash: 800ca9901f4f7783229ea11608707816a2a8d68b152e2172758c9a004fac7bb0
          • Instruction Fuzzy Hash: DC01F972B08509EED70FB6248D51B357766A7DC740F36D2A983C3C6597EB30B8415E41
          Uniqueness

          Uniqueness Score: -1.00%

          Memory Dump Source
          • Source File: 00000000.00000002.1367467557.00000000001D0000.00000040.00000001.sdmp, Offset: 001D0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1d0000_Locky.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 800ca9901f4f7783229ea11608707816a2a8d68b152e2172758c9a004fac7bb0
          • Instruction ID: 0c8d512b9b1292e3d68d860927f883a295c04965f7ea17a74c0c36f68df8df52
          • Opcode Fuzzy Hash: 800ca9901f4f7783229ea11608707816a2a8d68b152e2172758c9a004fac7bb0
          • Instruction Fuzzy Hash: 2401D632A04501AAD70F96248955B797765A7D8740F36D02B81C3CE795EB30B8415E41
          Uniqueness

          Uniqueness Score: -1.00%

          Memory Dump Source
          • Source File: 00000000.00000002.1368551562.0000000000A70000.00000040.00000001.sdmp, Offset: 00A70000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_a70000_Locky.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 800ca9901f4f7783229ea11608707816a2a8d68b152e2172758c9a004fac7bb0
          • Instruction ID: b9c5113582fbc434706052bf1c023c9ceff7588d3ff197c12fa91a08cb9f05d9
          • Opcode Fuzzy Hash: 800ca9901f4f7783229ea11608707816a2a8d68b152e2172758c9a004fac7bb0
          • Instruction Fuzzy Hash: E601FF72B08D01EED30D9728CE92F3A677AA7E0740F34D439814BCA595EA30A8426E81
          Uniqueness

          Uniqueness Score: -1.00%

          Memory Dump Source
          • Source File: 00000000.00000002.1368575368.0000000000A90000.00000040.00000001.sdmp, Offset: 00A90000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_a90000_Locky.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 800ca9901f4f7783229ea11608707816a2a8d68b152e2172758c9a004fac7bb0
          • Instruction ID: e7b795b953aed2693a742d9aa7ede1a7327c4a4b6a2acf783ec8d09bca2191e8
          • Opcode Fuzzy Hash: 800ca9901f4f7783229ea11608707816a2a8d68b152e2172758c9a004fac7bb0
          • Instruction Fuzzy Hash: F301F436B08D01EEDF0D97E48992F3977F6A7D07E0F34D0298143C6595EA30A8416E81
          Uniqueness

          Uniqueness Score: -1.00%

          Memory Dump Source
          • Source File: 00000000.00000002.1367975725.00000000008B0000.00000040.00000001.sdmp, Offset: 008B0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_8b0000_Locky.jbxd
          Similarity
          • API ID: DateEnumFormats
          • String ID:
          • API String ID: 2327613676-0
          • Opcode ID: 800ca9901f4f7783229ea11608707816a2a8d68b152e2172758c9a004fac7bb0
          • Instruction ID: a76a4f05214ccd837579350a7dbb975d9c78b48333760cd70721650f70e8b947
          • Opcode Fuzzy Hash: 800ca9901f4f7783229ea11608707816a2a8d68b152e2172758c9a004fac7bb0
          • Instruction Fuzzy Hash: 09012132A08109AED31C86248992BB7E766F790708F34D0298143C6395EE32B8016E85
          Uniqueness

          Uniqueness Score: -1.00%

          Memory Dump Source
          • Source File: 00000000.00000002.1368563716.0000000000A80000.00000040.00000001.sdmp, Offset: 00A80000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_a80000_Locky.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 800ca9901f4f7783229ea11608707816a2a8d68b152e2172758c9a004fac7bb0
          • Instruction ID: 37d7df9077be1597ec0d991ae2acc5d56d9c983b02194a03b47d909a7d9a4fe9
          • Opcode Fuzzy Hash: 800ca9901f4f7783229ea11608707816a2a8d68b152e2172758c9a004fac7bb0
          • Instruction Fuzzy Hash: 8901F432B08D01AEE38DB7248992F356776A7D0740F34D0298143C6595EA30A84D6F81
          Uniqueness

          Uniqueness Score: -1.00%

          Memory Dump Source
          • Source File: 00000000.00000002.1368588718.0000000000AA0000.00000040.00000001.sdmp, Offset: 00AA0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_aa0000_Locky.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 800ca9901f4f7783229ea11608707816a2a8d68b152e2172758c9a004fac7bb0
          • Instruction ID: b97217055e3ffdc0fc91bc34e0db77dc5e3e8d80123a607b513e0575581f2496
          • Opcode Fuzzy Hash: 800ca9901f4f7783229ea11608707816a2a8d68b152e2172758c9a004fac7bb0
          • Instruction Fuzzy Hash: 1901FF32B08D01AED30E97248A92F39A776A7E3740F34D42A8143CB5D5EB30B8426E81
          Uniqueness

          Uniqueness Score: -1.00%

          Memory Dump Source
          • Source File: 00000000.00000002.1367482440.00000000001E0000.00000040.00000001.sdmp, Offset: 001E0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1e0000_Locky.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 800ca9901f4f7783229ea11608707816a2a8d68b152e2172758c9a004fac7bb0
          • Instruction ID: f65d0e341e9647ac200cced9ec5393254cedcc6fed9d3b362d2964bea3bfdabf
          • Opcode Fuzzy Hash: 800ca9901f4f7783229ea11608707816a2a8d68b152e2172758c9a004fac7bb0
          • Instruction Fuzzy Hash: A701D632E08D81AAD30F96678991B3D7766A7AC740F36D029C1C3C6595EBB0A8C15E41
          Uniqueness

          Uniqueness Score: -1.00%

          Memory Dump Source
          • Source File: 00000000.00000002.1367451189.00000000001C0000.00000040.00000001.sdmp, Offset: 001C0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1c0000_Locky.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 9b1baa6026051bf82b643d30d341486d5f541b66683e262708881056f3a0292f
          • Instruction ID: 6c17f33622149782b81e1fbd127e2e3ca29db199cd5d39aaf2048ce860b46d32
          • Opcode Fuzzy Hash: 9b1baa6026051bf82b643d30d341486d5f541b66683e262708881056f3a0292f
          • Instruction Fuzzy Hash: F6F0C232B08701DED70F86248986F35776AA7BC740F36D02D91C3CA994EB30E941AE81
          Uniqueness

          Uniqueness Score: -1.00%

          Memory Dump Source
          • Source File: 00000000.00000002.1367495852.00000000001F0000.00000040.00000001.sdmp, Offset: 001F0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1f0000_Locky.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 9b1baa6026051bf82b643d30d341486d5f541b66683e262708881056f3a0292f
          • Instruction ID: 83b89e86b160800b73e15066afceee3c8490554738f1accb58d21087488d00d9
          • Opcode Fuzzy Hash: 9b1baa6026051bf82b643d30d341486d5f541b66683e262708881056f3a0292f
          • Instruction Fuzzy Hash: 50F0C832B0450DDED71FA6108D92B35B756A7EC740F39C2A993C3C65A6E730A9416E40
          Uniqueness

          Uniqueness Score: -1.00%

          Memory Dump Source
          • Source File: 00000000.00000002.1367467557.00000000001D0000.00000040.00000001.sdmp, Offset: 001D0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1d0000_Locky.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 9b1baa6026051bf82b643d30d341486d5f541b66683e262708881056f3a0292f
          • Instruction ID: a45a85487790a65c7f31c99901aff10122fa934e91ea55a62010b981a182a60f
          • Opcode Fuzzy Hash: 9b1baa6026051bf82b643d30d341486d5f541b66683e262708881056f3a0292f
          • Instruction Fuzzy Hash: 82F0C232B04501DED70F86248986B357766B7EC740F36C02B91C3CE794EB70A941AE80
          Uniqueness

          Uniqueness Score: -1.00%

          Memory Dump Source
          • Source File: 00000000.00000002.1368551562.0000000000A70000.00000040.00000001.sdmp, Offset: 00A70000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_a70000_Locky.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 9b1baa6026051bf82b643d30d341486d5f541b66683e262708881056f3a0292f
          • Instruction ID: dd611899a3bbd60dc2f83061171b885281c95b56005274500a06f590b71395e1
          • Opcode Fuzzy Hash: 9b1baa6026051bf82b643d30d341486d5f541b66683e262708881056f3a0292f
          • Instruction Fuzzy Hash: 01F0F633B04D01DED30D87248D92F36777AB7E0740F34D429914BCA594EA30E841AE80
          Uniqueness

          Uniqueness Score: -1.00%

          Memory Dump Source
          • Source File: 00000000.00000002.1368575368.0000000000A90000.00000040.00000001.sdmp, Offset: 00A90000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_a90000_Locky.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 9b1baa6026051bf82b643d30d341486d5f541b66683e262708881056f3a0292f
          • Instruction ID: b8d73d09cd0a731bb85fb6cd9cf476634ab4c903ed51d145ee1e780c8d30e434
          • Opcode Fuzzy Hash: 9b1baa6026051bf82b643d30d341486d5f541b66683e262708881056f3a0292f
          • Instruction Fuzzy Hash: 41F0F632B04D01EEDF0D87A08982F3577FAB7E07E0F34C0299143CA594EA30E841AE81
          Uniqueness

          Uniqueness Score: -1.00%

          Memory Dump Source
          • Source File: 00000000.00000002.1367975725.00000000008B0000.00000040.00000001.sdmp, Offset: 008B0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_8b0000_Locky.jbxd
          Similarity
          • API ID: DateEnumFormats
          • String ID:
          • API String ID: 2327613676-0
          • Opcode ID: 9b1baa6026051bf82b643d30d341486d5f541b66683e262708881056f3a0292f
          • Instruction ID: 169e8e1e58d7c630b556ba30830287ae9629d341b64ac3c37ef6a4ddb3e9291e
          • Opcode Fuzzy Hash: 9b1baa6026051bf82b643d30d341486d5f541b66683e262708881056f3a0292f
          • Instruction Fuzzy Hash: 16F0F632B08509EED31D86248992FB7F766F7E0748F34D0299143C67A5EE32F841AE85
          Uniqueness

          Uniqueness Score: -1.00%

          Memory Dump Source
          • Source File: 00000000.00000002.1368563716.0000000000A80000.00000040.00000001.sdmp, Offset: 00A80000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_a80000_Locky.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 9b1baa6026051bf82b643d30d341486d5f541b66683e262708881056f3a0292f
          • Instruction ID: 42045f0c2126b3df147d7a080890715a46eaeb1abd1baa9ca54aa28b6219d3b4
          • Opcode Fuzzy Hash: 9b1baa6026051bf82b643d30d341486d5f541b66683e262708881056f3a0292f
          • Instruction Fuzzy Hash: 38F0F632B04D01DED38DA7208992F357776B7E0740F34C0299143C65A4EA30E849AF80
          Uniqueness

          Uniqueness Score: -1.00%

          Memory Dump Source
          • Source File: 00000000.00000002.1368588718.0000000000AA0000.00000040.00000001.sdmp, Offset: 00AA0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_aa0000_Locky.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 9b1baa6026051bf82b643d30d341486d5f541b66683e262708881056f3a0292f
          • Instruction ID: bfd1c0ca500fea13e9cb7e339b98be17b1d9c1673beefd92c8585b84e44c5807
          • Opcode Fuzzy Hash: 9b1baa6026051bf82b643d30d341486d5f541b66683e262708881056f3a0292f
          • Instruction Fuzzy Hash: 17F0C232B049019ED30D86208992F35B776A7A3740F34C42A9143CB5D4EB30A841AE80
          Uniqueness

          Uniqueness Score: -1.00%

          Memory Dump Source
          • Source File: 00000000.00000002.1367482440.00000000001E0000.00000040.00000001.sdmp, Offset: 001E0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1e0000_Locky.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 9b1baa6026051bf82b643d30d341486d5f541b66683e262708881056f3a0292f
          • Instruction ID: 50389cbfaeb8e83b74594abb0ed01cca25e9318b87e37363e9babcdedda8b101
          • Opcode Fuzzy Hash: 9b1baa6026051bf82b643d30d341486d5f541b66683e262708881056f3a0292f
          • Instruction Fuzzy Hash: 9AF0C832F04D819ED30F86128982B3DB766A7AC740F3AC029D1C3C6594E7F0A9C16E40
          Uniqueness

          Uniqueness Score: -1.00%

          Memory Dump Source
          • Source File: 00000000.00000002.1367451189.00000000001C0000.00000040.00000001.sdmp, Offset: 001C0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1c0000_Locky.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 23c02403007ff0e742bac16667be74291a8f702de20a6d75c21153fb19dde5c7
          • Instruction ID: 4110b3ae4b332f17b3cbb02cf76d2664ca3a36ada13ea6562b913656ed3d2da3
          • Opcode Fuzzy Hash: 23c02403007ff0e742bac16667be74291a8f702de20a6d75c21153fb19dde5c7
          • Instruction Fuzzy Hash: FFF0C232A04701DED71F8B148982F25B756BBB8740F3AC02D91C3C6954EB30E9419E80
          Uniqueness

          Uniqueness Score: -1.00%

          Memory Dump Source
          • Source File: 00000000.00000002.1367495852.00000000001F0000.00000040.00000001.sdmp, Offset: 001F0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1f0000_Locky.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 23c02403007ff0e742bac16667be74291a8f702de20a6d75c21153fb19dde5c7
          • Instruction ID: ac4b66822755727ac57672c4e924c4dda81f138ae8752d06fd077979018e976c
          • Opcode Fuzzy Hash: 23c02403007ff0e742bac16667be74291a8f702de20a6d75c21153fb19dde5c7
          • Instruction Fuzzy Hash: 21F0F632A0450DDED71FEA108D91A35B756BBAC740F3AC2A993C3C7567EB30A8419E80
          Uniqueness

          Uniqueness Score: -1.00%

          Memory Dump Source
          • Source File: 00000000.00000002.1367467557.00000000001D0000.00000040.00000001.sdmp, Offset: 001D0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1d0000_Locky.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 23c02403007ff0e742bac16667be74291a8f702de20a6d75c21153fb19dde5c7
          • Instruction ID: 8004d6c1ae044fcad4f042e31c37de3c6f5c1f3c6feb26d2b447954cfe8a7897
          • Opcode Fuzzy Hash: 23c02403007ff0e742bac16667be74291a8f702de20a6d75c21153fb19dde5c7
          • Instruction Fuzzy Hash: 0FF09632A04501DED71FCA148991B75B756BBEC740F3AC42B91C3CF755EB34A9419E80
          Uniqueness

          Uniqueness Score: -1.00%

          Memory Dump Source
          • Source File: 00000000.00000002.1368551562.0000000000A70000.00000040.00000001.sdmp, Offset: 00A70000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_a70000_Locky.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 23c02403007ff0e742bac16667be74291a8f702de20a6d75c21153fb19dde5c7
          • Instruction ID: 54a1ec86098df9e7046d0fb89a69e0d772a2205dc487cb197d392a4603a40d36
          • Opcode Fuzzy Hash: 23c02403007ff0e742bac16667be74291a8f702de20a6d75c21153fb19dde5c7
          • Instruction Fuzzy Hash: D3F09633B04D01DFD71DCB148D91E36B776BBA4740F39C429914BC7555EA34A8419E80
          Uniqueness

          Uniqueness Score: -1.00%

          Memory Dump Source
          • Source File: 00000000.00000002.1368575368.0000000000A90000.00000040.00000001.sdmp, Offset: 00A90000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_a90000_Locky.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 23c02403007ff0e742bac16667be74291a8f702de20a6d75c21153fb19dde5c7
          • Instruction ID: 7cb99d75aa452c7550b9941142d8229c6ad7e4fb8c324d47e0018a9f8f6ad438
          • Opcode Fuzzy Hash: 23c02403007ff0e742bac16667be74291a8f702de20a6d75c21153fb19dde5c7
          • Instruction Fuzzy Hash: D1F09632B04D01DFDF1D8B948991E35B7F6BBA47E0F39C4299143C7655EA30A841AE81
          Uniqueness

          Uniqueness Score: -1.00%

          Memory Dump Source
          • Source File: 00000000.00000002.1367975725.00000000008B0000.00000040.00000001.sdmp, Offset: 008B0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_8b0000_Locky.jbxd
          Similarity
          • API ID: DateEnumFormats
          • String ID:
          • API String ID: 2327613676-0
          • Opcode ID: 23c02403007ff0e742bac16667be74291a8f702de20a6d75c21153fb19dde5c7
          • Instruction ID: 3fab1054f577307824cf58ffd0ce6f6084bd52eef153ac63ea549648903bbfbe
          • Opcode Fuzzy Hash: 23c02403007ff0e742bac16667be74291a8f702de20a6d75c21153fb19dde5c7
          • Instruction Fuzzy Hash: 64F0F632A04509DFD31DCB148991AB7F756FBA0344F38C0299143C7755EE32E841AE85
          Uniqueness

          Uniqueness Score: -1.00%

          Memory Dump Source
          • Source File: 00000000.00000002.1368563716.0000000000A80000.00000040.00000001.sdmp, Offset: 00A80000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_a80000_Locky.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 23c02403007ff0e742bac16667be74291a8f702de20a6d75c21153fb19dde5c7
          • Instruction ID: c6682740bd8afa390ef2ab1b0a5ce49eaecdbf51168094a9e256c557274b4957
          • Opcode Fuzzy Hash: 23c02403007ff0e742bac16667be74291a8f702de20a6d75c21153fb19dde5c7
          • Instruction Fuzzy Hash: BAF0B432B04D01DFD79DEB248A92E36B776BBE4740F39C4299143C7565EA34E849AF80
          Uniqueness

          Uniqueness Score: -1.00%

          Memory Dump Source
          • Source File: 00000000.00000002.1368588718.0000000000AA0000.00000040.00000001.sdmp, Offset: 00AA0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_aa0000_Locky.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 23c02403007ff0e742bac16667be74291a8f702de20a6d75c21153fb19dde5c7
          • Instruction ID: 081519b05c86c3d01d188db7bc60bae4ec2cf7dc59956d24bf84d240d22c9c49
          • Opcode Fuzzy Hash: 23c02403007ff0e742bac16667be74291a8f702de20a6d75c21153fb19dde5c7
          • Instruction Fuzzy Hash: DAF09032A04D01DFD71ECB248A92E36B776BBA6740F39C4299143CB5D5EB30A841AE80
          Uniqueness

          Uniqueness Score: -1.00%

          Memory Dump Source
          • Source File: 00000000.00000002.1367482440.00000000001E0000.00000040.00000001.sdmp, Offset: 001E0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1e0000_Locky.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 23c02403007ff0e742bac16667be74291a8f702de20a6d75c21153fb19dde5c7
          • Instruction ID: 9ce72207a48b6f946a276b7b5c4ea886a873a1b3f2a77b542ff2031572d4398d
          • Opcode Fuzzy Hash: 23c02403007ff0e742bac16667be74291a8f702de20a6d75c21153fb19dde5c7
          • Instruction Fuzzy Hash: A5F0F632E04D81DED31F8A128981A3DB756BBAC340F3AC029D1C3C7554EBB0A8C19E80
          Uniqueness

          Uniqueness Score: -1.00%

          Memory Dump Source
          • Source File: 00000000.00000002.1367451189.00000000001C0000.00000040.00000001.sdmp, Offset: 001C0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1c0000_Locky.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: abf4fcf26cd1640b95004d2248c4455b2e9f5e834406ed0ee821ab28bd41c7cf
          • Instruction ID: 75c9a072e893ce43b4adb0753d504a50794ece4ebdb1a0b92971b97e0d8dd863
          • Opcode Fuzzy Hash: abf4fcf26cd1640b95004d2248c4455b2e9f5e834406ed0ee821ab28bd41c7cf
          • Instruction Fuzzy Hash: B2D022B3E40800E5DB0AB359D603BA833F0EB80384F24A0294003C2090EB38C600C940
          Uniqueness

          Uniqueness Score: -1.00%

          Memory Dump Source
          • Source File: 00000000.00000002.1367495852.00000000001F0000.00000040.00000001.sdmp, Offset: 001F0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1f0000_Locky.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: abf4fcf26cd1640b95004d2248c4455b2e9f5e834406ed0ee821ab28bd41c7cf
          • Instruction ID: e08c0c8af439499e2d55636e270b28a3eaa5fd487ba0efd7a89fd8988728b550
          • Opcode Fuzzy Hash: abf4fcf26cd1640b95004d2248c4455b2e9f5e834406ed0ee821ab28bd41c7cf
          • Instruction Fuzzy Hash: DED022B3E40800E5DB0AF355D6033B833F0EB803C4F2420214003C3092EB38C600C940
          Uniqueness

          Uniqueness Score: -1.00%

          Memory Dump Source
          • Source File: 00000000.00000002.1367467557.00000000001D0000.00000040.00000001.sdmp, Offset: 001D0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1d0000_Locky.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: abf4fcf26cd1640b95004d2248c4455b2e9f5e834406ed0ee821ab28bd41c7cf
          • Instruction ID: 4a1a1763a0a2ea424419561029bdfd30f86a518cb2f15df177ee6d23f4df3a96
          • Opcode Fuzzy Hash: abf4fcf26cd1640b95004d2248c4455b2e9f5e834406ed0ee821ab28bd41c7cf
          • Instruction Fuzzy Hash: 07D022B3E40800E5DF0AB355E6033A833F0EB84384F2420224003C2090EB3CC600E940
          Uniqueness

          Uniqueness Score: -1.00%

          Memory Dump Source
          • Source File: 00000000.00000002.1368551562.0000000000A70000.00000040.00000001.sdmp, Offset: 00A70000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_a70000_Locky.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: abf4fcf26cd1640b95004d2248c4455b2e9f5e834406ed0ee821ab28bd41c7cf
          • Instruction ID: f766a8f6afd3bd4a285f2512cf4e719b746e82463963e091c7cdb5103ae49f12
          • Opcode Fuzzy Hash: abf4fcf26cd1640b95004d2248c4455b2e9f5e834406ed0ee821ab28bd41c7cf
          • Instruction Fuzzy Hash: B9D012B7B55840E9DB05B795DA13BA977F0EB80784F28F4654057C2095EB79C600D942
          Uniqueness

          Uniqueness Score: -1.00%

          Memory Dump Source
          • Source File: 00000000.00000002.1368575368.0000000000A90000.00000040.00000001.sdmp, Offset: 00A90000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_a90000_Locky.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: abf4fcf26cd1640b95004d2248c4455b2e9f5e834406ed0ee821ab28bd41c7cf
          • Instruction ID: 43b95b39ccb06a4811f9c0fbb106b391e91f8e6af7c5839471a9443d3724156f
          • Opcode Fuzzy Hash: abf4fcf26cd1640b95004d2248c4455b2e9f5e834406ed0ee821ab28bd41c7cf
          • Instruction Fuzzy Hash: 3AD012B7B55840E9DF05B755D613BA977F0EF807C4F24A4654053C6095EB39C600D941
          Uniqueness

          Uniqueness Score: -1.00%

          Memory Dump Source
          • Source File: 00000000.00000002.1368563716.0000000000A80000.00000040.00000001.sdmp, Offset: 00A80000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_a80000_Locky.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: abf4fcf26cd1640b95004d2248c4455b2e9f5e834406ed0ee821ab28bd41c7cf
          • Instruction ID: c0f5ad8d4ffaebe727d66d5aae732bf2427f4fae43c42339fd503695f81dac85
          • Opcode Fuzzy Hash: abf4fcf26cd1640b95004d2248c4455b2e9f5e834406ed0ee821ab28bd41c7cf
          • Instruction Fuzzy Hash: AFD012B7A55840E5DB45B795D613BA977F0EB80784F2464654053C2095EB39C604DA41
          Uniqueness

          Uniqueness Score: -1.00%

          Memory Dump Source
          • Source File: 00000000.00000002.1368588718.0000000000AA0000.00000040.00000001.sdmp, Offset: 00AA0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_aa0000_Locky.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: abf4fcf26cd1640b95004d2248c4455b2e9f5e834406ed0ee821ab28bd41c7cf
          • Instruction ID: b4adcd7e5c8c3a485a89fa0339e5ae56f66d99587918d562592c23bfc291e7b0
          • Opcode Fuzzy Hash: abf4fcf26cd1640b95004d2248c4455b2e9f5e834406ed0ee821ab28bd41c7cf
          • Instruction Fuzzy Hash: 18D022B3A40800E5DB05B365C603BA937F0EB81B84F2420214003C30D0EB3CC600C940
          Uniqueness

          Uniqueness Score: -1.00%

          Memory Dump Source
          • Source File: 00000000.00000002.1367482440.00000000001E0000.00000040.00000001.sdmp, Offset: 001E0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1e0000_Locky.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: abf4fcf26cd1640b95004d2248c4455b2e9f5e834406ed0ee821ab28bd41c7cf
          • Instruction ID: a343b51e2095bac7fe84437a8330ab4e2cb4133915b4d802636c3a7265354433
          • Opcode Fuzzy Hash: abf4fcf26cd1640b95004d2248c4455b2e9f5e834406ed0ee821ab28bd41c7cf
          • Instruction Fuzzy Hash: DCD022B3E40C80E5DB0AB356D603BAC73F0EB80384F2830218003C2090EB78C600CA40
          Uniqueness

          Uniqueness Score: -1.00%

          Memory Dump Source
          • Source File: 00000000.00000002.1367451189.00000000001C0000.00000040.00000001.sdmp, Offset: 001C0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1c0000_Locky.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 30fa249a85ac355453760ab6432d842d0306a09d2c2578d0b45ba86c7e5e086d
          • Instruction ID: 749ed717f16eab38a452cd20842c5150259914c355f345fe9197861ac5cd371b
          • Opcode Fuzzy Hash: 30fa249a85ac355453760ab6432d842d0306a09d2c2578d0b45ba86c7e5e086d
          • Instruction Fuzzy Hash: 54B092379A4860CAE3278E418B10F2076A2B7E8B48F2B8128940A07410C328C621A702
          Uniqueness

          Uniqueness Score: -1.00%

          Memory Dump Source
          • Source File: 00000000.00000002.1367495852.00000000001F0000.00000040.00000001.sdmp, Offset: 001F0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1f0000_Locky.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 30fa249a85ac355453760ab6432d842d0306a09d2c2578d0b45ba86c7e5e086d
          • Instruction ID: 5661a5c39dfc0a283b089b5891c9fa2f52dde84d53d721422de40659b88b7e35
          • Opcode Fuzzy Hash: 30fa249a85ac355453760ab6432d842d0306a09d2c2578d0b45ba86c7e5e086d
          • Instruction Fuzzy Hash: 24B092379A4848CAE7278A018B10B3076A2B7D8B58F2B81209A0A87412C3288621A702
          Uniqueness

          Uniqueness Score: -1.00%

          Memory Dump Source
          • Source File: 00000000.00000002.1367467557.00000000001D0000.00000040.00000001.sdmp, Offset: 001D0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1d0000_Locky.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 30fa249a85ac355453760ab6432d842d0306a09d2c2578d0b45ba86c7e5e086d
          • Instruction ID: 0a613c86d3e7568f4af148cd3b8081d58294c206499bd646a7ca671d615523a2
          • Opcode Fuzzy Hash: 30fa249a85ac355453760ab6432d842d0306a09d2c2578d0b45ba86c7e5e086d
          • Instruction Fuzzy Hash: 08B092379A4850CAE3278A018B10B2076A2B7D8B44F2B8222940A07614D368C621A702
          Uniqueness

          Uniqueness Score: -1.00%

          Memory Dump Source
          • Source File: 00000000.00000002.1368551562.0000000000A70000.00000040.00000001.sdmp, Offset: 00A70000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_a70000_Locky.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 30fa249a85ac355453760ab6432d842d0306a09d2c2578d0b45ba86c7e5e086d
          • Instruction ID: 68bd0163ee124105ead7ba951ec8c4084c8d03c355966fca7a9328eab564689e
          • Opcode Fuzzy Hash: 30fa249a85ac355453760ab6432d842d0306a09d2c2578d0b45ba86c7e5e086d
          • Instruction Fuzzy Hash: 82B092379A4840CAE3228B018F20F2076B2B7E0B44F2AC120940E07414D3A88621A702
          Uniqueness

          Uniqueness Score: -1.00%

          Memory Dump Source
          • Source File: 00000000.00000002.1368575368.0000000000A90000.00000040.00000001.sdmp, Offset: 00A90000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_a90000_Locky.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 30fa249a85ac355453760ab6432d842d0306a09d2c2578d0b45ba86c7e5e086d
          • Instruction ID: 1fc70fcf93e769f9fe57dd19ebb2c126ea80d9c16edfbef11d03d1f9990c7eca
          • Opcode Fuzzy Hash: 30fa249a85ac355453760ab6432d842d0306a09d2c2578d0b45ba86c7e5e086d
          • Instruction Fuzzy Hash: A3B09237AA4840CEEB228A028B50F2076F2B7E0B84F2A8120960A47410C3A88621A702
          Uniqueness

          Uniqueness Score: -1.00%

          Memory Dump Source
          • Source File: 00000000.00000002.1367975725.00000000008B0000.00000040.00000001.sdmp, Offset: 008B0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_8b0000_Locky.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 30fa249a85ac355453760ab6432d842d0306a09d2c2578d0b45ba86c7e5e086d
          • Instruction ID: 9f2796abf387e6d5ba7ee717e004e72c055e8c752b071fb07fd0a500f6881533
          • Opcode Fuzzy Hash: 30fa249a85ac355453760ab6432d842d0306a09d2c2578d0b45ba86c7e5e086d
          • Instruction Fuzzy Hash: 80B09B37554944C9E31246418B507527751F7E1748F364120940547510D72845119B01
          Uniqueness

          Uniqueness Score: -1.00%

          Memory Dump Source
          • Source File: 00000000.00000002.1368563716.0000000000A80000.00000040.00000001.sdmp, Offset: 00A80000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_a80000_Locky.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 30fa249a85ac355453760ab6432d842d0306a09d2c2578d0b45ba86c7e5e086d
          • Instruction ID: 68f0264d52e0137ccb5c404d924f34479b6ead8056b14764b9eea2412fe706f6
          • Opcode Fuzzy Hash: 30fa249a85ac355453760ab6432d842d0306a09d2c2578d0b45ba86c7e5e086d
          • Instruction Fuzzy Hash: 52B092379A5840CAE362AA018B10F2076B2B7E0B44F2A8130944A17410E3A88625A702
          Uniqueness

          Uniqueness Score: -1.00%

          Memory Dump Source
          • Source File: 00000000.00000002.1368588718.0000000000AA0000.00000040.00000001.sdmp, Offset: 00AA0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_aa0000_Locky.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 30fa249a85ac355453760ab6432d842d0306a09d2c2578d0b45ba86c7e5e086d
          • Instruction ID: 77307c91e4deb62ba7f8d33982ea1414433f81ba9b3cd36140ee4af4363564e7
          • Opcode Fuzzy Hash: 30fa249a85ac355453760ab6432d842d0306a09d2c2578d0b45ba86c7e5e086d
          • Instruction Fuzzy Hash: 79B092379A4840CAE3228A018B10F2076B2B7E1B48F2A8120940A07490C3A88621A702
          Uniqueness

          Uniqueness Score: -1.00%

          Memory Dump Source
          • Source File: 00000000.00000002.1367482440.00000000001E0000.00000040.00000001.sdmp, Offset: 001E0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1e0000_Locky.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 30fa249a85ac355453760ab6432d842d0306a09d2c2578d0b45ba86c7e5e086d
          • Instruction ID: 6a0efaf615c454a3f5c4f1029b1380a096645b9ca000edc1ac754af203597381
          • Opcode Fuzzy Hash: 30fa249a85ac355453760ab6432d842d0306a09d2c2578d0b45ba86c7e5e086d
          • Instruction Fuzzy Hash: 15B092379A4C80CAE3278A028B10B2476A2B7DCB48F2B8120D40A07410C3A88661A702
          Uniqueness

          Uniqueness Score: -1.00%